Team,
Is there a way to create a new policy in DLP that simply monitors (rather than blocks) HTTP usage of certain URLs?
For example, I want to monitor whom in our organization is visiting Drop-box/Google Drive (e.g. dropbox.com) in order to help determine if this is a source of data exfiltration so we can begin implementing blocking policies at the Endpoint level for Endpoint users that are attempting to send business data intended for internal use only to external cloud drives.
Right now, I am having issues implementing this type of policy because I can filter out HTTP/HTTPS by protocol but the only place I see to input a specific URL to monitor is in the SMTP fields (i.e., the TO:, Header, FROM:, and body of the message itself). Is DLP not intended to monitor outgoing HTTP traffic? Specific step-by step instructions would be most helpful and appreciated. We may be able to use Websense or some other product if DLP does not include this functionality.
Thanks,
TB