I am new to SIEM and I require assistance for the same.
I need to configure alerts for any emails going to public email domains like gmail.com, yahoo.com, outlook.com.
This email can be in either To, CC or BCC fields.
We have integrated McAfee Host DLP with the McAfee SIEM.
Any guidance is appreciated.

According to your query, I don't think McAfee HDLP works like that; HDLP works on a tag basis, not by domain.
SIEM is an event/incident monitoring tool; it doesn't create events by itself.

Yes, SIEM is an incident management tool.
I have integrated with McAfee ePO which has Host DLP.
The DLP is creating incidents for email policy violations.
Those incidents are pulled by the McAfee ESM (SIEM).
Now all I want to do is create a rule wherein, if the email sent-to field (To, CC, BCC) is not my company domain,
I trigger an alert.
Do let me know how this can be achieved via McAfee ESM (SIEM).
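
The matching logic requested in this thread, as an added Python example that is not from any poster and is not McAfee ESM rule syntax: it checks the To, CC and BCC recipients of a DLP email incident against the company domain and flags the public webmail domains named above. The event keys (`id`, `to`, `cc`, `bcc`), the company domain `example.com`, the severity labels, the treatment of subdomains as internal and the sample incidents are all assumptions constructed for illustration.

```python
from email.utils import getaddresses

# Assumption: placeholder for the organisation's own mail domain.
COMPANY_DOMAINS = {"example.com"}
# Public webmail domains named in the thread.
PUBLIC_DOMAINS = {"gmail.com", "yahoo.com", "outlook.com"}


def recipient_domains(event):
    """Yield (field, domain) for every address in the To, CC and BCC fields."""
    for field in ("to", "cc", "bcc"):
        raw = event.get(field) or ""  # a missing or None field counts as empty
        # Assumption: recipients may be separated by ';' as well as ','.
        for _name, addr in getaddresses([raw.replace(";", ",")]):
            if "@" in addr:
                yield field, addr.rsplit("@", 1)[1].strip().lower().rstrip(".")


def is_internal(domain):
    """True for the company domain or (by assumption) any of its subdomains."""
    return any(domain == d or domain.endswith("." + d) for d in COMPANY_DOMAINS)


def evaluate(event):
    """Return one alert per recipient whose domain is outside the company."""
    alerts = []
    for field, domain in recipient_domains(event):
        if is_internal(domain):
            continue
        severity = "high" if domain in PUBLIC_DOMAINS else "medium"
        alerts.append({"id": event["id"], "field": field,
                       "domain": domain, "severity": severity})
    return alerts


# Constructed sample incidents, not real DLP output.
SAMPLE_EVENTS = [
    {"id": 1, "to": "alice@example.com", "cc": "", "bcc": ""},
    {"id": 2, "to": "Bob <bob@example.com>",
     "cc": "carol@partner.example.org", "bcc": "Dave@Gmail.com"},
    {"id": 3, "to": "eve@mail.example.com; frank@yahoo.com", "cc": None, "bcc": ""},
]

if __name__ == "__main__":
    for ev in SAMPLE_EVENTS:
        for alert in evaluate(ev):
            print(alert)
```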