According to your queries, I don't think McAfee HDLP works like that; HDLP works on a TAG basis, not domain.
SIEM is an event/incident monitoring tool; it doesn't create events by itself.
Yes SIEM is an incident management tool.
I have integrated with McAfee ePO which has Host DLP.
The DLP is creating incidents for email policy violations.
Those incidents are pulled by the McAfee ESM (SIEM).
Now all I want to do is create a rule wherein, if the email "sent to" field (to, cc, bcc) is not my company domain,
I trigger an alert.
Do let me know how this can be achieved via McAfee ESM (SIEM).