Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Karim_Alim
Explorer

Why isn't DLP logging anything?

Hi,

Trying to set up DLP on a standalone R80.10 in AWS.  The blade is installed, but I can't seem to get it to log events or perform any actual DLP activity.

I didn't have any DLP events at all, until I set up a repository and put a test file in it.  Then I got 3 DLP events related to the repository being scanned.

I've gone through the docs etc. but I don't know what I'm missing.  Does it have some dependency on some other blades I don't have installed?  Any help would be appreciated!!!

3 Replies
Alex_Weldon
Contributor

Well in order to see DLP alerts caused by web uploads etc. you need HTTPS inspection in place. Then if you are looking to inspect exchange traffic you will need an exchange agent on the servers to inspect the mail.

0 Kudos
Karim_Alim
Explorer

Thanks for the reply!

I hadn't realized I needed HTTPS Inspection to do DLP inspection of HTTP 🙂 so I went ahead and set that up.  Firewall logs did show a new flurry of yellow "HTTP Inspection Action" of "Inspect," so I guess that's working correctly...?

Still no additional DLP alerts/log entries, though!  Any suggestions?  Thanks for your help!

0 Kudos
Alex_Weldon
Contributor

Well standard HTTP will of course be inspected by default but currently represents just a fraction of most standard traffic (we are mostly HTTPS). What's the DLP policy look like? And are you running exchange agents to inspect the email traffic?

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events