5 Replies Latest reply: Jul 23, 2014 1:34 AM by epoNovice RSS

    DLP 9.3 monitor web uploads

    csteels

      We have just started to test DLP 9.3 among some of the IT machines and are trying to get to a point where we can monitor when people upload files to the web (mainly for monitoring dropbox, yousendit etc)

       

      After creating a web post protection rule it seems to flag up all manner of files constantly when just browsing web pages, what are we doing wrong and is this the correct rule type for what we are trying to do?

       

      Thanks

        • 1. Re: DLP 9.3 monitor web uploads
          sb905

          How are you triggering the rule now - with a content category?  We've setup the same rule but we're only triggering when the content being uploaded matches the content category (custom defined dictionary/word list).  Works fine for us.

          • 2. Re: DLP 9.3 monitor web uploads
            csteels

            We set it up initially very open ended in that it would just monitor all web posts (all web servers, all files) so that we can see when people upload company data to external sites but that doesnt work too great, basically pops up constantly when just browsing the web!

             

            Think we need to maybe tie it down to some file types and test again, at the moment we've had to disable it and we're just testing it among ourselves before going anywhere near a live pilot.

            • 3. Re: DLP 9.3 monitor web uploads
              epoNovice

              Any luck with this ?  I had the same issue...have just changed the rule to include certain file types and testing that now.

              • 4. Re: DLP 9.3 monitor web uploads
                bphang

                WPPR monitors pretty much all HTTP_POST call.

                Whenever you browse the net [intranet or internet] , HTTP_POST calls are made.

                So you are bound to get tons of information.

                • 5. Re: DLP 9.3 monitor web uploads
                  epoNovice

                  By restricting file types to office files, pdf and image you will drdstically drop the number of files...I also excluded our intranet and sharepoint servers.

                   

                  If you are concerned about certain domains you can also try and specify certain domains to drop them.

                   

                  Cheers