DLP event detail

Can anyone tell me the details of the points below in the DLP Whitelisting part?

  • Severity
    From which source is the severity defined?
  • Connectivity State
    Please elaborate on the online and offline states.
  • Actual / Expected Action
    What categories have been configured on McAfee DLP for this field?
  • Computer IP
    IP address details for many systems are missing. How can we capture them for all systems?
  • Mobile Device ID
    Some mobile devices are connected to the system, but it's showing "Mobile Device ID" as "None".

McAfee Employee hhoang

Re: DLP event detail

  • Severity
    -- This is configured in each individual rule
  • Connectivity State
    -- From the product guide:
    • Online/offline operation
      You can apply different device and protection rules, depending on whether the managed computer is
      online (connected to the enterprise network) or offline (disconnected from the network). Some rules
      also allow you to differentiate between computers within the network and those connected to the
      network by VPN.
    • Connectivity state is determined by the corporate connectivity section in our client configuration policy:
    • Corporate connectivity (Corporate Network Detection, Corporate VPN Detection)
      You can apply different prevent actions to endpoint computers in the corporate network or outside
      the network. For some rules, you can apply different prevent actions when connected by VPN. To use
      the VPN option, or to determine network connectivity by corporate server rather than by connection
      to McAfee ePO, set the server IP address in the relevant section.
  • Actual / Expected Action
    -- This is whatever reaction was configured in your rule
  • Computer IP
    -- System information is typically pulled by the McAfee agent. Where exactly are you not seeing the IP address?
  • Mobile Device ID
    -- Mobile device ID is referring to mobile phone integration. This field was added for future support of mobile devices and does not apply to laptops.

Re: DLP event detail

Hi,

Thank you so much....

Below are the queries raised by my client.

I have referred to the DLP guide, but I need a basic technical explanation of this to make them understand. Thanks again for your reply.

  • Severity
    From which source is the severity defined?
  • Connectivity State
    Please elaborate on the online and offline states.
  • Actual / Expected Action
    Please let me know what categories have been configured on McAfee DLP for this field.
  • Computer IP
    IP address details for many systems are missing. How can we capture them for all systems?
  • Mobile Device ID
    We found some mobile devices connected to the system, but it's showing "Mobile Device ID" as "None". Can you please look into this? Some examples are given below:

    o   In the shared report, a Lumia 520 connected to PDCDT01J15ZVQ1 on 1st Feb 2017, but its "Mobile Device ID" is showing "None".

  • Which field in your report will show the path to where the file is copied and the path from where it is copied?
