Level 8

How to regroup email notifications of DLP Incidents in one email


Hi folks,

I'm currently testing DLP 11.3 in our environment. It's a fresh install of DLP and I've managed to create a rule that monitors all the files that are copied to/from a removable device and to receive a notification about it.

The problem is that I do receive a notification for each single file copied. Meaning, if the end user copies 10 files, I do receive 10 emails.

It sounds like a silly question, but is there a way to receive a digest report with all the files copied per computer name & user? I've googled and read the documentation but I couldn't find what I'm looking for.

Shall I orient myself to do a query to achieve this?
How do you guys use this in your production?
What are the best practices?

Looking forward to hearing from you.

D


Accepted Solutions
McAfee Employee
I would like to suggest a workaround.

1. We can duplicate an existing query: Number of Incidents per day (data in-use/in-motion).
2. Now if we edit this query (As Table), we can put additional Columns:
  • Computers
  • Computer IP
  • Computer Name
  • Evidence Classifications
  • Evidence File Extension
  • Evidence File Path
  • Evidence File Size (KB)
  • Evidence File Type
  • Evidence Item Type
  • Evidence Match Count
  • Evidence Name
  • Evidence SHA1
  • Evidence Short Match String
  • Evidence Unique Match Count
  • Evidence Unique Match Strings
3. Under the Filter page, we can use the option Evidence Rule Name to get the required results.

Level 8
Hi

Thanks for the reply. That's exactly what I needed.
Silly question: is there any chance that I can run this query under DLP task incident? Like this, I'd avoid receiving hourly blank PDF pages if there isn't any incident.

Regards,
David