5 Replies Latest reply on Apr 24, 2012 9:03 AM by bigmac5454

    DLP Logs

    bigmac5454

      Is there a log that will tell you and alert you if someone plugs in a usb flash drive

        • 1. Re: DLP Logs
          JoeyMc

          Yes. You can create a removable storage protection rule and set it to monitor. Then create an automated response in ePO to email an alert.

          • 2. Re: DLP Logs
            bigmac5454

            I don't see a DLP automatic response in automatic responses, tried to add new response no go.....how did you do it?

             

             

             

            Thanks,

             

            mark

            • 3. Re: DLP Logs
              JoeyMc

              The event group is ePO Notification Events

              Event type: Threat

               

              The Filter I have is:

              Detecting Product Name Equals: Data Loss Prevention

              Event Description Equals: Email Protection ( you would change this to Removable Storage Protection)

              Threat action equals: BL|EVDNC|MON|NTFY|ON (You would change this to match your rule, or you could leave this off) I use this to only see Email blocks.

               

              Action: Send Email

               

              Subject: McAfee DLP Email Event - User Blocked: {sourceHostName}/{sourceUserName}

              Body:

              User Name : {sourceUserName}

              Host Name: {sourceHostName}

              Event UTC : {detectedUTC}

              IP address: {sourceIPV4}

              Event Type : {eventDesc}

              Action Taken: {threatActionTaken}

              Threat Category: {threatCategory}

              Threat Name: {threatName}

              Threat Severity: {threatSeverity}

              Threat Type: {threatType}

              • 4. Re: DLP Logs
                JoeyMc

                Also as far as a "log": Use the DLP Monitor plug-in, right? Set a filter to Removable Storage.

                • 5. Re: DLP Logs
                  bigmac5454

                  Thanks got that to wrk good thanks.........

                   

                  Now my boss wants me to detect anything that is plugged into a USB port....Iphone, Drives, DVD, etc. want it very generic.....can this be done?

                   

                  Mark