3 Replies Latest reply on Oct 7, 2016 11:47 AM by hhoang

    DLP 10 - Query or Report

    cykes

      Hello,

       

      Is it possible to create a query or a report in which the defined USB sticks or other devices are displayed?

        • 1. Re: DLP 10 - Query or Report
          hhoang

          When you say 'defined USB sticks' - what information are you attempting to have reported?

          • 2. Re: DLP 10 - Query or Report
            cykes

            Good Morning,

             

            in the DLP Policy Manager under "Definitions" -> Device Control -> Device Definitions   i have create a special list with usb-sticks and serialnummer and a description which are allowed to use by our users.

            What i want is to create a report, for a audit p.a., with a list of this entrys.

            Device definition.jpg

            • 3. Re: DLP 10 - Query or Report
              hhoang

              With DLP 9.3 there was an 'export to html' option for the policy which included device definition information (truncated).  With 9.4 and later this data is stored in XML files in the database.

               

              To answer your question, there isn't an option to generate a query on this information.  I would recommend submitting this as a product enhancement request here:  Intel Security Ideas Forum: Latest

               

              As a workaround, you can use the following query to locate the XML in the database:

               

              select * from UDLP_DEFINITIONS where name= ' <your device definition name>  '

               

              There is an XML column and all you should need to do is click on the XML and it will look something like this:

               

              <CatalogItem type="81">

                <id>1172c04f-5946-4c3a-8db7-46ebe90e192f</id>

                <name>All Sandisk removable storage devices (Mac)</name>

                <description>Sandisk removable devices identified by the vendor id</description>

                <attributes>1</attributes>

                <parameters>&lt;conditions&gt;&lt;condition grouping="or"&gt;&lt;prop-key&gt;vid_pid&lt;/prop-key&gt;&lt;op-key&gt;equals&l t;/op-key&gt;&lt;value&gt;&lt;![CDATA[0781||||]]&gt;&lt;/value&gt;&lt;/condition &gt;&lt;/conditions&gt;</parameters>

                <customParameterNames />

                <enforceProducts>

                  <Product type="MAC" />

                </enforceProducts>

              </CatalogItem>

               

               

              The parameters section will be what you're looking for although it is not the most user friendly format and may or may not meet your auditing needs.