Hello,
Trying to slim down the noise and exclude any internal to (only) internal (if sent to more then one person and at least one is not within company incident should be flagged) emails.
I followed the steps in this article and it is working for Network incidents.
https://www-secure.symantec.com/connect/articles/create-dlp-policy-add-exception-ignore-emails-send-internal-users
But it is not working on the Endpoint side. We use lotus notes and from what I see, endpoint captured smail/smtp traffic is logging as
sender/user: company-countrycode/userid
recipient: username/countrycode/domain/companyname
I tried to add another exception to the policy in the same fashion as about but for
user/sender used - companyname-*
and for
recipient used- */companyname
this did not seem to do the trick.
Anyone solve a similar problem or can point me in the right direction?
Thank you.