Video Screencast Help
Give us your opinion and win with Symantec! Please help us by taking this survey to tell us about your experience with Symantec Connect, so that we can continue to grow and improve.  Take the survey.

Search HTTP attributes in the DLP Endpoint Server records

Created: 05 Jul 2010
Naor Penso's picture
1 Agree
0 Disagree
+1 1 Vote
Login to vote

Hi,
Today the HTTP events arriving from the Network Monitor are a bit "skinny" and if you cannot link the IP address to the Computer/User you might not know who caused the incident.
Since Symantec DLP has an Endpoint server which has information on all endpoints attached to it, I believe it would be correct that in a case of an HTTP event,
The Endpoint server will be queried for that IP address.
In a more "proactive" approach, if there was a match to the Endpoint, the EDP server could "query" the endpoint computer for the user that is using the computer at that moment.

Kind Regards,
Naor Penso