Monitoring HTTP using Endpoint Agent
Created: 14 Mar 2013 | Updated: 14 Mar 2013 | 6 comments
We're using 11.6.1
We've enabled HTTP/HTTPS in the agent configuration and it appears to have applied to the agent. Out policy is a simple test matching on a keyword.
When we fire up iexplore (we also use a proxy going through 8080 if that matters), if we put in the keyword into the browser search bar, it doesn't raise an incident.
Any idea what could be wrong?
Operating Systems:
Discussion Filed Under:
Comments 6 Comments • Jump to latest comment
its not been uploaded to http , isn't it?
Cheers!
Pete
Help Link: http://www.symantec.com/business/support/overview.jsp?pid=54619
what polcies do you have built around this? or did you just go into the agent config type in some items and push out an agent... i would need a little more info to help
John,
DLP will only inspect data that is a POST or an upload. So just a basic search may not work, it all depends on the web page and if its a POST.
An easy way to test is to go to a BLOG or Yahoo Board and post keywords.
Please call solved if possible!
Ronak
Please make sure to mark this comment as a solution to your problem, when possible.
Another way would to be to use the POST feature on http://dlpse.com
Aaron
If this post has helped you, please vote up or mark as solution to help others looking for the same data.
Hi John,
If ur brosers searches for anykeyword than no matters. if any thing going to tranferred via any tranferable medium than it risk. We have all infra to monitor http and https. I think u dont need to worry about this.
Dear John,
Why DLP should generate incident for keyword that added in browser search bar until the keywords has been used at data tansfer.
As daily many ppl will unknowngily seraching for any statement,word and coincidently it match then no of false positive will tremondously genrate the incident which is difficult to handle. Also DLP has not considered such scenirio and not designed to detect what u are looking for.
I hope now u will be clarified the facts and concepts.
Would you like to reply?
Login or Register to post your comment.