5 Replies Latest reply on Apr 24, 2012 9:03 AM by bigmac5454

    DLP Logs


      Is there a log that will tell you and alert you if someone plugs in a usb flash drive

        • 1. Re: DLP Logs

          Yes. You can create a removable storage protection rule and set it to monitor. Then create an automated response in ePO to email an alert.

          • 2. Re: DLP Logs

            I don't see a DLP automatic response in automatic responses, tried to add new response no go.....how did you do it?







            • 3. Re: DLP Logs

              The event group is ePO Notification Events

              Event type: Threat


              The Filter I have is:

              Detecting Product Name Equals: Data Loss Prevention

              Event Description Equals: Email Protection ( you would change this to Removable Storage Protection)

              Threat action equals: BL|EVDNC|MON|NTFY|ON (You would change this to match your rule, or you could leave this off) I use this to only see Email blocks.


              Action: Send Email


              Subject: McAfee DLP Email Event - User Blocked: {sourceHostName}/{sourceUserName}


              User Name : {sourceUserName}

              Host Name: {sourceHostName}

              Event UTC : {detectedUTC}

              IP address: {sourceIPV4}

              Event Type : {eventDesc}

              Action Taken: {threatActionTaken}

              Threat Category: {threatCategory}

              Threat Name: {threatName}

              Threat Severity: {threatSeverity}

              Threat Type: {threatType}

              • 4. Re: DLP Logs

                Also as far as a "log": Use the DLP Monitor plug-in, right? Set a filter to Removable Storage.

                • 5. Re: DLP Logs

                  Thanks got that to wrk good thanks.........


                  Now my boss wants me to detect anything that is plugged into a USB port....Iphone, Drives, DVD, etc. want it very generic.....can this be done?