0 Replies Latest reply on May 16, 2016 3:33 PM by yassinezeroual

    DAM Use case 4: Fraud Detection & Policy Violations


      Fraud Detection & Policy Violations

      Unusual amount of Sensitive Data is Accessed.


      Installation of the McAfee DAM Sensor at the Database.

      Database monitoring configuration.

      Setup threshold and create a notification.

      We need to simulate the following:

      1.    User accesses more critical database source than he usually does.
      2.    McAfee DAM detects a result size policy violation for that user
      3.    The event is logged for evidentiary purposes and compliance reporting. 

      McAfee DAM sends an alert.

      Note: that it is also recommended to create a correlation rule in McAfee SIEM with a threshold that can detect this behavior "Unusual amount of Sensitive Data is Accessed".