Video Screencast Help
Symantec to Separate Into Two Focused, Industry-Leading Technology Companies. Learn more.

Search HTTP attributes in the DLP Endpoint Server records

Created: 05 Jul 2010
Naor Penso's picture
1 Agree
0 Disagree
+1 1 Vote
Login to vote

Hi,
Today the HTTP events arriving from the Network Monitor are a bit "skinny" and if you cannot link the IP address to the Computer/User you might not know who caused the incident.
Since Symantec DLP has an Endpoint server which has information on all endpoints attached to it, I believe it would be correct that in a case of an HTTP event,
The Endpoint server will be queried for that IP address.
In a more "proactive" approach, if there was a match to the Endpoint, the EDP server could "query" the endpoint computer for the user that is using the computer at that moment.

Kind Regards,
Naor Penso