I was told it was possible to simply capture the filenames of data which is written to specific media, in my case I want to be able to produce a report that captures the filenames writen to USB media when the user belongs to our AD group 'USB Write" as it is setup to allow write access to our non-approved USB devices (standard USB's with no hardware encryption)
I cannot find any pre-configured querys for this action, its important to note that the install is DLP Device Control and not the full blown DLP suite. When moving to Device Control I was told by McAfee this would be possible and is one of our audit requirments.
Any ideas?Message was edited by: scottsteps on 10/05/12 7:33:09 CDT AM
Any way to bump up this question? This is exactly what I need answered/configured for my DLP implementation.
There aren't any preconfigured queries. You'll need to create your own.
Queries and reports> New> Other (In Feature Group> DLP Events. Create a table listing the info you need. The customization is pretty intuitive.
For this data to be available, you'll need to create a protection rule for Removable storage (not a device rule).