Video Screencast Help
As we strive to continually improve your experience on our site, please help us by taking this survey and tell us about your satisfaction level using Symantec Connect. One lucky winner will receive 500 Connect points! * Take the survey.

Search HTTP attributes in the DLP Endpoint Server records

Created: 05 Jul 2010
Naor Penso's picture
1 Agree
0 Disagree
+1 1 Vote
Login to vote

Today the HTTP events arriving from the Network Monitor are a bit "skinny" and if you cannot link the IP address to the Computer/User you might not know who caused the incident.
Since Symantec DLP has an Endpoint server which has information on all endpoints attached to it, I believe it would be correct that in a case of an HTTP event,
The Endpoint server will be queried for that IP address.
In a more "proactive" approach, if there was a match to the Endpoint, the EDP server could "query" the endpoint computer for the user that is using the computer at that moment.

Kind Regards,
Naor Penso