I am new to SIEM and I require assistance for the same.
I need to configure alerts for any emails going to public email domains like gmail.com, yahoo.com, outlook.com
This email can be in either To, CC or BCC fields.
We have integrated McAfee Host DLP with the McAfee SIEM.
Any guidance is appreciated.
Or can I create an alert that says if the To or CC or BCC addresses are anything other than my company domain "*@abc.com", can I generate an alert?
According to your queries, I don't think McAfee HDLP works like that; HDLP works on a TAG basis, not domain.
SIEM is an event/incident monitoring tool; it doesn't create events by itself.
Yes SIEM is an incident management tool.
I have integrated with McAfee ePO which has Host DLP.
The DLP is creating incidents for email policy violations.
Those incidents are pulled by the McAfee ESM (SIEM).
Now all I want to do is create a rule wherein, if the email "sent to" field (To, CC, BCC) is not my company domain, I trigger an alert.
Do let me know how this can be achieved via McAfee ESM (SIEM).
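The matching logic the question asks for, as an added example that is not part of the original thread and is not McAfee ESM rule syntax: it checks every To, CC and BCC address in a DLP incident against the company domain and flags the rest. The incident field names (`id`, `to`, `cc`, `bcc`), the sample records and the choice to treat subdomains of `abc.com` as internal are assumptions.

```python
from email.utils import getaddresses

COMPANY_DOMAIN = "abc.com"  # company domain given in the thread
PUBLIC_DOMAINS = {"gmail.com", "yahoo.com", "outlook.com"}  # named in the thread


def recipient_domains(incident):
    """Yield (field, domain) for every address in the To, CC and BCC fields."""
    for field in ("to", "cc", "bcc"):
        raw = incident.get(field) or ""  # tolerate missing or None fields
        # Outlook-style lists separate with ';', getaddresses expects ','
        for _name, addr in getaddresses([raw.replace(";", ",")]):
            if "@" in addr:
                yield field, addr.rsplit("@", 1)[1].strip().lower().rstrip(".")


def is_internal(domain):
    # Exact match or a true subdomain (assumption: subdomains are internal).
    # A suffix-only test would wrongly accept "abc.com.example.net".
    return domain == COMPANY_DOMAIN or domain.endswith("." + COMPANY_DOMAIN)


def evaluate(incident):
    """Return one alert dict per external recipient found in the incident."""
    alerts = []
    for field, domain in recipient_domains(incident):
        if is_internal(domain):
            continue
        kind = "public-webmail" if domain in PUBLIC_DOMAINS else "external"
        alerts.append({"id": incident["id"], "field": field,
                       "domain": domain, "class": kind})
    return alerts


# Constructed sample incidents; field names are hypothetical
SAMPLE_INCIDENTS = [
    {"id": 1, "to": "Alice <alice@abc.com>", "cc": "", "bcc": ""},
    {"id": 2, "to": "bob@abc.com", "cc": "", "bcc": "Someone <x.y@GMAIL.com>"},
    {"id": 3, "to": "carol@mail.abc.com; dave@abc.com.example.net",
     "cc": "eve@yahoo.com", "bcc": None},
]

if __name__ == "__main__":
    for inc in SAMPLE_INCIDENTS:
        for alert in evaluate(inc):
            print(alert)
```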