Data Loss Prevention

  • 1.  Doubt with Application Monitoring

    Posted Jun 08, 2016 07:36 AM

    Hello all,

     

    Is it possible to create a policy or detection exception just for some applications which are listed in the Application Monitoring? My idea was, for instance, to apply the App A monitoring only to Policy X and App B monitoring to Policy Y, or to create a compound rule to include Detection Z + App C as detection criteria.

    After browsing for a while I couldn't find a way to do this, since there is only one list with all Apps monitored. I got the idea to create exceptions (ignore monitoring) using the Filter by File Properties (Agent Config level), but I would need to be managing several Agent Configs and Agent Groups in order to achieve a similar result.

     

    Thanks!



  • 2.  RE: Doubt with Application Monitoring

    Trusted Advisor
    Posted Jun 08, 2016 10:44 AM

    Hello Morgado,

    I don't think it is possible to do what you expect in a simple and manageable way.

    A possible workaround may be to use a custom plugin script which uses the lookup parameters "endpoint-application-name" and "policy-name", then sets some specific incident attribute value if it is the application you want to monitor with this policy.

     

     Regards
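
A sketch of the lookup-script workaround described in the reply above, added here as an example and not part of the original thread or Symantec's own code. It assumes the script receives the lookup parameters as key=value arguments and returns attributes as key=value lines on stdout; the policy names, application file names and the App-In-Scope attribute are hypothetical.

```python
import sys

# Hypothetical mapping: policy name -> application file names that policy should cover.
POLICY_APPS = {
    "Policy X": {"appa.exe"},
    "Policy Y": {"appb.exe"},
}
# Hypothetical custom incident attribute populated by this script.
ATTRIBUTE = "App-In-Scope"


def parse_params(argv):
    """Parse key=value lookup parameters (assumed format); values may contain '='."""
    params = {}
    for arg in argv:
        key, sep, value = arg.partition("=")
        if sep:
            params[key.strip().lower()] = value.strip()
    return params


def normalize_app(name):
    """Reduce a full path or mixed-case name to a lowercase base file name."""
    return name.replace("\\", "/").rsplit("/", 1)[-1].lower()


def evaluate(params):
    """Return the attribute value for one incident: yes, no, or unknown."""
    policy = params.get("policy-name", "")
    app = normalize_app(params.get("endpoint-application-name", ""))
    if policy not in POLICY_APPS or not app:
        return "unknown"  # unmapped policy, or no application name on the incident
    return "yes" if app in POLICY_APPS[policy] else "no"


def main(argv):
    # One key=value line per attribute on stdout (assumed output format).
    print(f"{ATTRIBUTE}={evaluate(parse_params(argv))}")
    return 0


if __name__ == "__main__":
    sys.exit(main(sys.argv[1:]))
```

This labels incidents after they are created; it does not change which applications the agent monitors.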



  • 3.  RE: Doubt with Application Monitoring

    Posted Jun 08, 2016 10:51 AM

    Thanks for the reply, Stephane. Thought so. Let's see if someone else has a different opinion :)



  • 4.  RE: Doubt with Application Monitoring

    Posted Sep 21, 2016 01:32 PM

    Hi Morgado, I don't have the solution, but I too have a need to monitor for only 1 application listed in the application list and not the entire set of apps.



  • 5.  RE: Doubt with Application Monitoring

    Posted Sep 22, 2016 03:36 AM

    Hello,

     

    I've confirmed with a Symantec employee and unfortunately it's not possible.

    BR,