smacklay
Level 7

DLP Action Queries

Hey Guys,

I'm a QRadar guy and have some queries about McAfee DLP Endpoint.

What are all the events which are considered a violation in terms of DLP - Confirmed & Possible Data Loss? I went through the URL McAfee Corporate KB - Data Loss Prevention Endpoint 9.3/9.4 event codes for ePolicy Orchestrator 5.x... but it is still unclear.

What is the consequence for User Logged Into Safe Mode (19104)?

Also kindly let me know the events to choose to detect confirmed & possible Data Loss.
