Products
Applications
Support
Company
How To Buy
Skip to main content (Press Enter).
Sign in
Skip auxiliary navigation (Press Enter).
Register
Skip main navigation (Press Enter).
Toggle navigation
Search Options
Home
My Communities
Communities
All Communities
Enterprise Software
Mainframe Software
Symantec Enterprise
Blogs
All Blogs
Enterprise Software
Mainframe Software
Symantec Enterprise
Events
All Events
Enterprise Software
Mainframe Software
Symantec Enterprise
VMware
Water Cooler
Groups
Enterprise Software
Mainframe Software
Symantec Enterprise
Members
Data Loss Prevention
View Only
Community Home
Threads
Library
Events
Members
Back to Library
Reasons for Respective Fields as to why they are left blank while exporting the endpoint incidents
0
Recommend
Apr 29, 2014 12:20 AM
Migration User
Sr. No
Blank Field
Type
Reason
1
Destination
HTTPS/SSL
In endpoint Incidents Destination field is used for file transfer incidents i.e.( where files are transfered from source to destination) and since https/ssl or http transactions do not have this information destination is only populated for CD/DVD & Removable storage Incidents. But still we get the destination URL for http/s incidents which is given in recipient field.
HTTP
2
Destination Path
CD/DVD
For CD/DVD Incidents destination path would be CD/DVD Drives and since at the time of writing the files on CD/DVD drives they become un-readable for the internal applications due to which DLP is unable to monitor/ keep track of path where the files are geting copied. Hence Dlp monitors only detination for CD/DVD incidents and not its path.
FTP
Destination path is used for the file transfer incidents i.e.( where files are transfered from source to destination) and since https/ssl or http transactions do not have this information destination path is only populated for Removable storage. But still we get the destination URL for http/s incidents which is given in recipient field.
HTTP
HTTPS/SSL
3
Source File
FTP
Source File is populated only for the file transfer incidents i.e.( where files are transfered from source to destination) and since https/ssl or http transactions do not have this information Source File is only populated for Removable storage.
HTTP
HTTPS/SSL
Removable Storage
There are multiple reasons :
1. If user is transfering a file to removable storage directly from lotus notes then DLP might not get the source file or its path.
2. If user downloading/ copying the file directly from ftp/filesharing services to removable storage.
3. If user is working on excel sheet and instead of saving it locally he saves it directly to removable storage device then dlp would not understand the source file path as the application has copied the file directly.
4
Source File Path
FTP
Source File Path is populated only for the file transfer incidents i.e.( where files are transfered from source to destination) and since https/ssl or http transactions do not have this information Source File Path is only populated for Removable storage.
HTTP
HTTPS/SSL
Removable Storage
There are multiple reasons :
1. If user is transfering a file to removable storage directly from lotus notes then DLP might not get the source file or its path.
2. If user downloading/ copying the file directly from ftp/filesharing services to removable storage.
3. If user is working on excel sheet and he tries to save the file directly to removable storage device instead of his local drive then dlp would not understand the source file path as the application has copied the file directly.
5
Device Instance ID
FTP
Device Instance ID is basically a unique ID assigned to all type of plug-n-play devices and since ftp/http/s does not have Device instance ID it is kept blank.
HTTP
HTTPS/SSL
Removable Storage
Will have to investigate for these specific incidents with the user as how he had copied files since all removable storage incidents are not showing as blank for this field.
6
Subject
All Types
Since this field is monitored only for Email/smtp incidents these will be left blank for all other type of incidents
7
Recipient(s)
CD/DVD
In Endpoint Incidents Recipient field is used to populate end URL/s or Email recipients where the data has been uploaded/mailed respectively.
Hence for CD/DVD & Removable storage incidents this field is left blank.
Removable Storage
8
Data Owner Name
All Types
Only available if Data insight is implemented
9
Data Owner Email
All Types
Only available if Data insight is implemented
Statistics
0 Favorited
0 Views
0 Files
0 Shares
0 Downloads
Tags and Keywords
Related Entries and Links
No Related Resource entered.
Copyright 2019. All rights reserved.
Powered by Higher Logic