cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Georgiancard
Level 10
Report Inappropriate Content
Message 1 of 22
‎03-26-2020 12:22 AM

Get information about attached file which was sent on web more than one month

Jump to solution

hi,

i do not know if it is about Epo but if it is not support me please and give me recommendations. the situation is that a user sent attached file on the web it was about more than one month and i want to see if it really was sent, we know date, Url and ip address. someway can we get this information?. i tried reports but it can not see attached files, can i get this information on sql server or i do not know.  it is really important.

thanks

0 Kudos
Reply
1 Solution

Accepted Solutions
jsubbura
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 20 of 22
‎03-27-2020 04:05 AM

Re: Get information about attached file which was sent on web more than one month

Jump to solution

Hi @Georgiancard ,

These settings should capture the URL information for the Incidents which you are triggering now, if you dont see the URL information at all even after applying these changes to the client machine then I advise you to raise a service request with McAfee Support for further troubleshooting.

 

Thank you.

Regards,
Jithendran S
McAfee Employee

View solution in original post

0 Kudos
Reply
21 Replies
LKS
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 2 of 22
‎03-26-2020 01:55 AM

Re: Get information about attached file which was sent on web more than one month

Jump to solution

I think you can track URL/ source hostname and date if you are using DLP product. Let me know if you are using product, i will move this thread to DLP forum for further assistance.

0 Kudos
Reply
Georgiancard
Level 10
Report Inappropriate Content
Message 3 of 22
‎03-26-2020 02:16 AM

Re: Get information about attached file which was sent on web more than one month

Jump to solution
we use DLP, but which policy can it identify?
0 Kudos
Reply
LKS
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 4 of 22
‎03-26-2020 02:20 AM

Re: Get information about attached file which was sent on web more than one month

Jump to solution

Am not sure. I moved this post to DLP forum so that DLP experts can assist you further. 

0 Kudos
Reply
Georgiancard
Level 10
Report Inappropriate Content
Message 5 of 22
‎03-26-2020 02:20 AM

Re: Get information about attached file which was sent on web more than one month

Jump to solution
ok thanks
0 Kudos
Reply
jsubbura
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 6 of 22
‎03-26-2020 02:37 AM

Re: Get information about attached file which was sent on web more than one month

Jump to solution

Hi @Georgiancard ,

Thank you for writing in here.

If you have DLP installed on the client machine at the time when the user sent the file and if that file was matching the rules which you have created then DLP would have created an Incident and that Incident would be sent to EPO provided the user machine was communicating to EPO properly at that time.

Since you have the IP address of the user machine you can get the machine name from EPO system tree and you can do this,

You can put a filter in the DLP Incident manager for that date and enter the computer name of the machine as well,

filter.PNG

 

Was my reply helpful?
If you find this post useful, Please give it a Kudos! Also, Please don't forget to select "Accept as a solution" if this reply resolves your query!

Thank you.

Regards,
Jithendran S
McAfee Employee
0 Kudos
Reply
Georgiancard
Level 10
Report Inappropriate Content
Message 7 of 22
‎03-26-2020 04:23 AM

Re: Get information about attached file which was sent on web more than one month

Jump to solution
hi thanks for answer, which rule do you mean can you tell me?
0 Kudos
Reply
jsubbura
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 8 of 22
‎03-26-2020 04:40 AM

Re: Get information about attached file which was sent on web more than one month

Jump to solution

Hi @Georgiancard ,

I am referring to the DLP Web protection rule in here.

Can you check with your in house DLP Administrators who creates and manages the DLP rules in your EPO to know about the Web protection rules which you have in your DLP policies?

If you are unaware of the rules, nevermind, you can use the filters as explained in my post above and achieve your requirement.

 

Thank you.

Regards,
Jithendran S
McAfee Employee
0 Kudos
Reply
Georgiancard
Level 10
Report Inappropriate Content
Message 9 of 22
‎03-26-2020 04:43 AM

Re: Get information about attached file which was sent on web more than one month

Jump to solution
there is no web protection rule, and does it show us attachment?
0 Kudos
Reply
jsubbura
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 10 of 22
‎03-26-2020 04:45 AM

Re: Get information about attached file which was sent on web more than one month

Jump to solution

Hi @Georgiancard ,

Kindly note that, If there is no web protection rule then DLP will not capture your uploads to the web. 

May be you can contact your web gateway team to know if there are any logs at their end.

 

Thank you.

Regards,
Jithendran S
McAfee Employee
0 Kudos
Reply
You Deserve an Award
Don't forget, when your helpful posts earn a kudos or get accepted as a solution you can unlock perks and badges. Those aren't the only badges, either. How many can you collect? Click here to learn more.

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community


Corporate Headquarters
6220 America Center Drive
San Jose, CA 95002 USA

Consumer Support   |   Enterprise Support   |   McAfee.com

Legal   |   Privacy   |   Copyright © 2020 McAfee, LLC