GJGVA
Level 8
Message 1 of 3

How regroup email notifications of DLP Incidents in one email

Hi folks,

I'm currently testing DLP 11.3 in our environment. It's a fresh install of DLP and I've managed to create a rule that monitors all the files that were copied to/from a Removable Device and to receive a notification about it.

The problem is that I do receive a notification for each single file copied. Meaning, if the end user copies 10 files, I do receive 10 emails.

It sounds like a silly question, but is there a way to receive a digest report with all the files copied per computer name & user? I've googled and read the documentation but I couldn't find what I'm looking for.

Shall I orient myself to do a query to achieve this?
How do you guys use this in your production?
What are the best practices?

Looking forward to hearing from you.

D

Accepted Solutions
McAfee Employee DLP_RS
Message 2 of 3

Re: How regroup email notifications of DLP Incidents in one email

I would like to suggest a workaround.

1. We can duplicate an existing query: Number of Incidents per day (data in-use/in-motion).
2. Now if we edit this query (As Table), we can put additional Columns: Computers, Computer IP, Computer Name, Evidence Classifications, Evidence File Extension, Evidence File Path, Evidence File Size (KB), Evidence File Type, Evidence Item Type, Evidence Match Count, Evidence Name, Evidence SHA1, Evidence Short Match String, Evidence Unique Match Count, Evidence Unique Match Strings.
3. Under the Filter page, we can use the option Evidence Rule Name to get the required results.


GJGVA
Level 8
Message 3 of 3

Re: How regroup email notifications of DLP Incidents in one email

Hi

Thanks for the reply. That's exactly what I needed.
Silly question, is there any chance that I can run this query under DLP task incident? Like this, I'm avoiding receiving hourly blank PDF pages if there isn't any incident?

Regards,
David
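
For readers who export the query result and build the digest outside the console, here is an added example (not from the posters and not McAfee code) that groups incidents per computer for one rule and returns nothing to send when there are no incidents, which covers both the digest request and the blank-report concern above. It assumes a CSV export whose headers match the column names listed in the reply; the sample rows, rule name, and hash values are constructed.

```python
import csv
import io
from collections import defaultdict

# Constructed sample of a CSV export of the query result. Header names are
# assumed to match the columns listed in the reply; adjust to your export.
SAMPLE_EXPORT = r"""Computer Name,Computer IP,Evidence Rule Name,Evidence File Path,Evidence File Size (KB),Evidence SHA1
PC-0001,192.0.2.10,USB copy monitor,E:\reports\q1.xlsx,120,aaaa1111
PC-0001,192.0.2.10,USB copy monitor,E:\reports\q2.xlsx,98,bbbb2222
PC-0001,192.0.2.10,USB copy monitor,E:\reports\q1.xlsx,120,aaaa1111
PC-0002,192.0.2.11,USB copy monitor,F:\notes.txt,3,cccc3333
PC-0002,192.0.2.11,Other rule,F:\misc.docx,45,dddd4444
"""

def build_digest(csv_text, rule_name, group_by=("Computer Name",)):
    """Group incident rows for one rule: {group_key: {file_key: info}}."""
    digest = defaultdict(dict)
    for row in csv.DictReader(io.StringIO(csv_text)):
        if row.get("Evidence Rule Name", "").strip() != rule_name:
            continue  # same filter as step 3 of the reply
        key = tuple(row.get(col, "").strip() for col in group_by)
        path = row["Evidence File Path"]
        # Identify a file by hash when present, else by path, so repeated
        # copies of one file collapse into a single line with a count.
        file_key = row.get("Evidence SHA1", "").strip() or path
        entry = digest[key].setdefault(file_key, {
            "path": path,
            "size_kb": row.get("Evidence File Size (KB)", ""),
            "count": 0,
        })
        entry["count"] += 1
    return dict(digest)

def render_digest(digest):
    """Return one email body for all groups, or None when nothing matched."""
    if not digest:
        return None  # caller skips the email instead of sending a blank report
    lines = []
    for key in sorted(digest):
        files = digest[key]
        total = sum(f["count"] for f in files.values())
        lines.append(f"{' / '.join(key)}: {total} incident(s), {len(files)} unique file(s)")
        for f in files.values():
            lines.append(f"  {f['path']} ({f['size_kb']} KB) x{f['count']}")
    return "\n".join(lines)

if __name__ == "__main__":
    print(render_digest(build_digest(SAMPLE_EXPORT, "USB copy monitor")))
```

To group per computer and user, pass a second header in `group_by` if your export includes a user column; none appears in the column list above, so that header name is left to the reader.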