Showing results for 
Show  only  | Search instead for 
Did you mean: 

DLP 9.4/10/11 - SIEM integration (RSA)

Has anyone configured their RSA SIEM to digest DLP Incidents from the new table structure introduced with DLP 9.4/10/11 ?

With 9.3 we are using a SQL Query against the EPO DB to pull DLP events - we used the query provided with the RSA SIEM.

RSA hasn't updated this connector yet from what we can determine.

Any one have a SQL query to pull the DLP Incidents in general (Dim and DiU).

3 Replies
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 2 of 4

Re: DLP 9.4/10/11 - SIEM integration (RSA)

Try these:

[UDLP_Incidents] - All incidents in your Incident manager

[UDLP_Incidents_Archive] - All incidents in your incident history

You would need quite a few more tables if you wanted data based on the data loss vector.

Re: DLP 9.4/10/11 - SIEM integration (RSA)

This is Vijay. Thanks for the table names. 
Is there a table to check transferred file name in the event itself and details of sender and recipient. If yes , please share it.

McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 4 of 4

Re: DLP 9.4/10/11 - SIEM integration (RSA)

KB90391 Data Loss Prevention Endpoint 11.x.x Database Schema

You Deserve an Award
Don't forget, when your helpful posts earn a kudos or get accepted as a solution you can unlock perks and badges. Those aren't the only badges, either. How many can you collect? Click here to learn more.

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community