Hello,
I'd like to know if there is a better way of using our credit card detection policy. Any suggestions please?
The scenario is that when a staff member sends an email to an external address with a full credit card number, DLP pops-up with the endpoint policy and some options, the staff member clicks "Approved" and the message is emailed (with Endpoint incident creation). Then DLP creates an SMTP incident with the same content, so the event responder is confused because there is one incident under Endpoint and another under network.
Personally, I'm ok with how DLP acts in this instance and I must reiterate this isn’t a fault per-say but I'd like to consider other ways of configuring the policy(s).
I have 8 servers running 14.0.0.05018, two are for Network Prevent for Email.
Endpoint client is version 12.5.0.20035.
Thank you,
DanJ