cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Highlighted
Level 7
Report Inappropriate Content
Message 1 of 3

DLP Incident Manager - Blank Computer IP Values

Good Morning All,

 

I am looking for information/explanation for something I am seeing in the Incident Manager.

 

Specifically, I've noticed that some incidents record with a blank Computer IP.  This doesn't happen too often.  In fact, since February of this year there have been ~59000 incidents and only 111 have a blank Computer IP value.

 

However, this can be an issue for the other Admins that review DLP Dashboards that have been set up to filter based on Computer IP.  If they have had incidents on systems they manage with a blank computer IPs, it will not show up in their queries.

 

Compared to the total number of incidents a very low percentage have had this issue.  However, the individuals I make these dashboards for to review tend to complain mightily if even one thing is left out.

 

My question is 1.) What causes the Computer IP value to be recorded as blank (None) in the Incident Manager and 2.) Is there anyway of mitigating this from occurring in the future?

 

Thank you for your time and assistance.

2 Replies
Highlighted
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 2 of 3

Re: DLP Incident Manager - Blank Computer IP Values

Hi @Greene ,

Thank you for writing in here.

This is a bug after updating the DLP Extensions to DLP 11.4.0.17 and this has been fixed with DLP 11.4.200 Extensions.

DLP 11.4.200 GA to be released in August 2nd week and you can access the same from the McAfee product downloads site.

IPlisted.PNGIPaddress.PNG

 

Thank you.

Regards,
Jithendran S
McAfee Employee
Highlighted
Level 7
Report Inappropriate Content
Message 3 of 3

Re: DLP Incident Manager - Blank Computer IP Values

Afternoon @jsubbura ,

 

Appreciate the input.  I just checked the ePO extensions and 11.4.0.17 is indeed the version of DLP we're using currently.  In the images you linked though, I'm not sure what you're trying to show me.  In the case of what I see in our Incident Manager; the table (first screen shot) lists Computer IP as "None" and the Incident view (second screen shot) will actually not list Computer IP.  As in no label, just Computer Name, User Name, etc.

Just to double check; I'm assuming there's no other option to mitigate this from happening other than updating the extension to 11.4.200?

Also,  is there any place where this is written down as a 'Known Issue'?  Such as a KC article or such.  Something to present to the people above me to make them aware of this.

You Deserve an Award
Don't forget, when your helpful posts earn a kudos or get accepted as a solution you can unlock perks and badges. Those aren't the only badges, either. How many can you collect? Click here to learn more.

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community