Data Loss Prevention

Hi all,

I'm thinking about how to mail to a person in charge, when Network Discover Scans start, stop and finish.

I know I can receive an alert mail when scan has finished, using alert setting on [System -> Server -> Alerts].

But it doesn't seem that event logs are generated as to start and stop, so I can't use alert settings for these.

Is there any options?

I think realistic options is checking ScanDetail log with 3rdparty tools, but if possible, I would like to set the mail only with Vontu function.

Thank you.

Hi Cango,

You can confirm the event ID for each Network Discover Scan start, stop and finish event and configure the automated mail sent to configured mail ID with System. I was seen ther is two way to this,

1) In Enforce ther is some settings and config in which you can config mail generte to when specific event is occured, according to event ID it will send mail

2) you can define smart responce rule for this.

Regards

Kishorilal

You can configure a System Alert to notify someone via email on a "Scan completed" event (event code 1702).  There is no corresponding event for "Scan started" however, so you won't be able to create an alert based on that.  You've already correctly identified that, so I'm just confirming that for you.

As far as I am aware, there's no other way to do this with out-of-the-box functionality in DLP.  A "Smart Response" as identified in the above post wouldn't do it, as these are really just manually executed actions available to users that are reviewing incidents. 

~Keith