
Create an ALERT for public email domains

Hello all,

I am new to SIEM and I require assistance for the same.

I need to configure alerts for any emails going to public email domains like gmail.com, yahoo.com, outlook.com

This email can be in either To, CC or BCC fields.

We have integrated McAfee Host DLP with the McAfee SIEM.

Any guidance is appreciated.

Regards,

Ram

3 Replies

Re: Create an ALERT for public email domains

Or can I create an alert that says if the To or CC or BCC addresses are anything other than my company domain "*@abc.com" can I generate an alert???


Re: Create an ALERT for public email domains

Hello Ram,

According to your queries, I don't think McAfee HDLP works like that; HDLP works on a TAG basis, not domain.

SIEM is an event/incident monitoring tool; it doesn't create events by itself.

>>>David

Re: Create an ALERT for public email domains

Hello David,

Yes, SIEM is an incident management tool.

I have integrated with McAfee ePO, which has Host DLP.

The DLP is creating incidents for email policy violations.

Those incidents are pulled by the McAfee ESM (SIEM).

Now all I want to do is create a rule wherein, if the email sent-to field (To, CC, BCC) is not my company domain, I trigger an alert.

Do let me know how this can be achieved via McAfee ESM (SIEM).

Thank you.
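
Added example, not part of the thread and not McAfee ESM rule syntax: the check the last post asks for, written as stand-alone Python over constructed incident records. The field names, the sample addresses, and the choice to treat subdomains of abc.com as internal are assumptions.

```python
from email.utils import getaddresses

COMPANY_DOMAINS = {"abc.com"}  # placeholder company domain used in the thread
PUBLIC_DOMAINS = {"gmail.com", "yahoo.com", "outlook.com"}  # named in the thread

# Constructed sample incidents. The field names are assumptions for this
# example, not the McAfee ESM or Host DLP event schema.
SAMPLE_INCIDENTS = [
    {"id": 1, "to": "Bob <bob@abc.com>", "cc": "", "bcc": ""},
    {"id": 2, "to": "bob@abc.com", "cc": "", "bcc": "Ram.Personal@GMAIL.com"},
    {"id": 3, "to": "x@abc.com.example.net", "cc": "amy@mail.abc.com", "bcc": ""},
    {"id": 4, "to": "a@abc.com; partner@vendor.example", "cc": "", "bcc": ""},
]

def domain_of(address):
    """Return the lower-cased domain after the last '@', or '' if none."""
    _local, at, domain = address.rpartition("@")
    return domain.strip().rstrip(".").lower() if at else ""

def is_internal(domain):
    """Exact match or a real subdomain (assumed internal). Suffix tricks such
    as 'abc.com.example.net' do not match."""
    return any(domain == d or domain.endswith("." + d) for d in COMPANY_DOMAINS)

def find_alerts(incidents):
    """Return (incident id, field, address, category) per outside recipient."""
    alerts = []
    for incident in incidents:
        for field in ("to", "cc", "bcc"):
            # Accept both comma- and semicolon-separated recipient lists.
            raw = incident.get(field, "").replace(";", ",")
            for _name, address in getaddresses([raw]):
                domain = domain_of(address)
                if not address or is_internal(domain):
                    continue
                category = "public-webmail" if domain in PUBLIC_DOMAINS else "external"
                alerts.append((incident["id"], field, address.lower(), category))
    return alerts

if __name__ == "__main__":
    for alert in find_alerts(SAMPLE_INCIDENTS):
        print(alert)
```

Comparing the parsed domain, rather than substring-matching "abc.com" anywhere in the field, is what keeps incident 3's look-alike address from passing as internal.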
