Data Loss Prevention

 View Only

  • 1.  Create a report showing file name contains @GMT

    Posted May 21, 2013 04:59 PM

    DLP on the Endpoint Reporting Question here:

    I'm tracking copy from Network to Local Drive and also Local Drive to network through my Endpoint Agent Configuration

    Here's the scenario:

    A Helpdesk Ticket is created to restore a file as it was either moved/deleted/copied/etc.and now the user can't find it...  Someone is assigned the job of restoring from backup the incident.  Right click folder, previous versions, restore the file.  

     

    As this file passes through EXPLORER.exe it generates an incident if the file violates a policy.

    Each incident contains the file name of @GMT and then the time stamp.  I would like to filter on all incidents that have that @GMT in its file name.  I've tried "Contains Ignore Case" and "Contains Any of" but when I apply the filter no results are found.

     

    What should my filter bet?



  • 2.  RE: Create a report showing file name contains @GMT

    Broadcom Employee
    Posted May 24, 2013 02:31 AM

    You can use filter to create such report.

    From a default report, for example, the 'Incidents - All', clieck 'Advanced Filters & Summarization', then click 'Add filter', on the drop-down list, select 'Attachment File Name', then input @GMT.

    Just as the below screenshot:

    File_Name_Filter.png



  • 3.  RE: Create a report showing file name contains @GMT

    Posted May 24, 2013 04:10 PM

    So the file I'm looking for doesn't show up as an "attachement" in the incident it acutally shows up as listed as a file location