Is it possible to whitelist or exclude a specific URL so HDLP doesn't flag traffic to it as an 'incident' and skew my metrics/reports?
We use a secure document storage provider and tons of traffic goes to a specific URL with legitimate business traffic to upload docs to it.
I don't want my DLP metrics to trigger an event when our users upload docs to that URL.
Any help you can provide is greatly appreciated!
I have not found an exclusion option for 9.2 or 9.3 for this feature. I think I have a PER in for it, but I have about a dozen going all the way back to April for DLP which McAfee has never checked or reviewed - any of them.
So it may or may not be a feature in 9.3 patch 1, which was scheduled for this month some time.
Assuming you are talking about Web Post Protection (WPP) rule, when you create a WPP rule, step 1 allows you to define a Web Destination.
Create a new Web Destination and add the URL/Web server you want to ignore and uncheck that URL/Domain. Leave the check box for Other web servers. Now the rule will be enforced to all web servers except the one that you left unchecked.
This option has always existed.
Score, I'll be giving that a try myself! When we had demos and engineers here from McAfee, they told us that this was not an option, and I never found anything definitive in the documentation. So if we wanted to use WPP for all web-servers and internet addresses, except for 1, we couldn't do that.. I'll give it a shot though, thanks!
Message was edited by: keithdrone on 10/25/13 7:37:52 AM CDT