Just been searching through the forum regarding this but cannot find much info. It appears that when monitoring files going to/from a removable storage device, DLP 9.0 only reports on the destination/username/hostname of the file. It does not report on the filename and source of the file, which kinda defeats the purpose of monitoring data.
If I switch the rule to "collect" evidence and enable hit-highlighting, then I do get the filename/destination/username and hostname, but I do not get the source location of the file. Basically the data we would like to collect is this: "c:\test.txt copied to e:\test.txt."
I, and I am sure many others, would prefer to have the option to just monitor with all the required data being logged, without collecting evidence. Due to space/network bandwidth concerns it is not practical for us to collect evidence at this point. Plus it is clearly documented that you should use monitoring just for that purpose, to monitor and collect data for reporting. But monitoring does not appear to collect all the data that DLP is said to collect.
So the question: does version 9.1 allow for monitoring to log the source, filename, and the remainder of the details that are required for good reporting? If not, is there a way to enable the ability for this information to be logged in 9.0?
Message was edited by: j.richards on 9/12/10 12:43:20 AM
Thought I would give an update on this for anyone else looking for answers. Upgraded to version 9.1. We are now able to see the filename and destination on monitored events.
We are still, though, not able to see the source (origin) of files that are copied to the removable device. Does anyone know how we can record the source of files?