I need to find a way to have Device Control report/email/alert when a blocked event has happened.
We had a lot of machines and use Device Control in a white list format. Basically, we block EVERYTHING unless we have approved the device.
Currently I am having to run a SQL query to pull any decent info out, mainly PID and VID of blocked devce. It also it easier to filter out the duplicates but I need realtime reporting , not manual efforts.
The email aerting you can configure via the DLP Incident Manager is ok but you cannot see PID/VID infoor filter out on PID/VID. There is also no way to just pull out the unique alerts over the last 15 minutes for example.
Can anyone shed some light on what they use for Devcie COntrol event alerting ?
Don't forget, when your helpful posts earn a kudos or get accepted as a solution you can unlock perks and badges. Those aren't the only badges, either. How many can you collect? Click here to learn more.
Community Help Hub
New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.