Data Loss Prevention

 View Only

  • 1.  DLP Endpoint Discover Not Detecting Incidents

    Posted Jun 04, 2014 12:07 PM

    I’m new to DLP and am having difficulties getting Endpoint Discover to detect incidents. I have a test text file with false social security numbers that should be detected using the US Social Security Number Data Identifier that came with the DLP.  In the discover target filter I have it targeting the specific file.

    When the scan is ran it reports that the file was scanned but fails to detect any incidents.

     



  • 2.  RE: DLP Endpoint Discover Not Detecting Incidents

    Broadcom Employee
    Posted Jun 04, 2014 04:19 PM

    Hello,

    There are many things that could be wrong with your DLP. You should open up a support case so that we can look at the logs and determine what is happening.

    You should try to collect the logs from the Endpoint Agent and the Endpoint Server as well as Enforce and start taking a look at them. There may be a communication issue with your environment.

    I hope this helps.

    Best,

    Ryan



  • 3.  RE: DLP Endpoint Discover Not Detecting Incidents

    Posted Jun 04, 2014 05:04 PM

    You mentioned a fake SSN, does it match the criteria of your policy?  How fake is the number you are using?  For testing I like to use the CEO of LifeLock's SSN (just google it) and that way you know it is a valid SSN and it is within the assigned range, etc.

    Chance are your SSN is just not violating the policy in place and that might be all that is wrong.  How narrow is the breadth of your policy?

    Like I said earlier google the CEO of LifeLock for his actual SSN and then try your Endpoint Discover scan.  If it doesn't generate then, I would try a support ticket like Ryan suggested