Data Loss Prevention

  • 1.  Can Endpoint Prevent capture destination email addresses in an incident?

    Posted Sep 17, 2014 09:17 PM

    Hello-

    I have a customer request that while I spin up a lab to test this I figured I'd throw this concept out for discussion in parallel.


    With 12.x DLP Endpoint Prevent, I can create a policy that alerts on certain file types that are being attached to webmail (i.e. Google Mail). While the event is created in the console, is there a way to capture the destination email address from the web mail client or force a screen capture to attach to the incident?

    Certainly this can be done through Network Prevent for Email; however, given their infrastructure, it's not an option on the table unless they radically overhaul email and pull it all back in. I'm not sure that Network Prevent for Web could handle the level of granularity they're looking for. Thoughts?

    Thanks

    Eric



  • 2.  RE: Can Endpoint Prevent capture destination email addresses in an incident?

    Posted Sep 17, 2014 11:34 PM

    I don't think there is a way to do that within the Endpoint Agent's capabilities, but you could get what you want done with a Python script; you could create a FlexResponse action calling that script on the client.



  • 3.  RE: Can Endpoint Prevent capture destination email addresses in an incident?

    Posted Sep 22, 2014 04:53 AM

    No, you will not get that. You will just get the machine IP or destination URL details.