Hi,
I do not know if it is about EPO, but if it is not, please support me and give me recommendations. The situation is that a user sent an attached file on the web more than one month ago, and I want to see if it really was sent. We know the date, URL and IP address. Can we get this information in some way? I tried reports, but they cannot see attached files. Can I get this information on SQL Server, or I do not know. It is really important.
Thanks
Hi @Georgiancard ,
These settings should capture the URL information for the Incidents which you are triggering now. If you don't see the URL information at all even after applying these changes to the client machine, then I advise you to raise a service request with McAfee Support for further troubleshooting.
Thank you.
I think you can track the URL/source hostname and date if you are using the DLP product. Let me know if you are using the product; I will move this thread to the DLP forum for further assistance.
I am not sure. I moved this post to the DLP forum so that DLP experts can assist you further.
Hi @Georgiancard ,
Thank you for writing in here.
If you had DLP installed on the client machine at the time when the user sent the file, and if that file matched the rules which you have created, then DLP would have created an Incident, and that Incident would have been sent to EPO, provided the user machine was communicating with EPO properly at that time.
Since you have the IP address of the user machine, you can get the machine name from the EPO System Tree, and you can do this:
You can put a filter in the DLP Incident Manager for that date and enter the computer name of the machine as well.
Thank you.
Hi @Georgiancard ,
I am referring to the DLP Web protection rule here.
Can you check with your in-house DLP Administrators, who create and manage the DLP rules in your EPO, to find out about the Web protection rules which you have in your DLP policies?
If you are unaware of the rules, never mind; you can use the filters as explained in my post above and achieve your requirement.
Thank you.
Hi @Georgiancard ,
Kindly note that if there is no web protection rule, then DLP will not capture your uploads to the web.
Maybe you can contact your web gateway team to find out if there are any logs at their end.
Thank you.