2 Replies Latest reply on Mar 29, 2017 2:53 AM by vinodcm

    DLP event detail

    vinodcm

      Can anyone tell me the details of the points below in the DLP whitelisting part?

      • Severity
        From which source is the severity defined?
      • Connectivity State
        Please elaborate on the online and offline states.
      • Actual / Expected Action
        What categories have been configured on McAfee DLP for this field?
      • Computer IP
        IP address details for many systems are missing. How can we capture them for all systems?
      • Mobile Device ID
        Some mobile devices were connected to a system, but it's showing "Mobile Device ID" as "None".

        • 1. Re: DLP event detail
          hhoang
          • Severity               
            -- This is configured in each individual rule
          • Connectivity State                         
            -- From the product guide:
            • Online/offline operation
              You can apply different device and protection rules, depending on whether the managed computer is
              online (connected to the enterprise network) or offline (disconnected from the network). Some rules
              also allow you to differentiate between computers within the network and those connected to the
              network by VPN.
            • Connectivity state is determined by the corporate connectivity section in our client configuration policy:
            • Corporate connectivity (Corporate Network Detection, Corporate VPN Detection):
              You can apply different prevent actions to endpoint
              computers in the corporate network or outside the network.
              For some rules, you can apply different prevent actions when
              connected by VPN. To use the VPN option, or to determine
              network connectivity by corporate server rather than by
              connection to McAfee ePO, set the server IP address in the
              relevant section.
          • Actual / Expected Action            
            -- This is whatever reaction was configured in your rule
          • Computer IP                                    
            -- System information is typically pulled by the McAfee agent.  Where exactly are you not seeing the IP address?
          • Mobile Device ID
            -- Mobile device ID is referring to mobile phone integration.  This field was added for future support of mobile devices and does not apply to laptops.
          • 2. Re: DLP event detail
            vinodcm

            Hi,

            Thank you so much....

            Below are the queries raised by my client.

            I have referred to the DLP guide, but I need a basic technical explanation of this to help them understand. Thanks again for your reply.

            • Severity
              From which source is the severity defined?
            • Connectivity State
              Please elaborate on the online and offline states.
            • Actual / Expected Action
              Please let me know what categories have been configured on McAfee DLP for this field.
            • Computer IP
              IP address details for many systems are missing. How can we capture them for all systems?
            • Mobile Device ID
              We found some mobile devices connected to the system, but it's showing "Mobile Device ID" as "None". Can you please look into this? Some examples are given below:
              o In the shared report, a Lumia 520 was connected to PDCDT01J15ZVQ1 on 1st Feb 2017, but its "Mobile Device ID" is showing "None".
            • Which field in your report will show the path to where the file is copied and the path from where it is copied?