Re: Why isn't DLP logging anything?

Karim_Alim · ‎2018-09-13

Hi,

Trying to set up DLP on a standalone R80.10 in AWS. The blade is installed, but I can't seem to get it to log events or perform any actual DLP activity.

I didn't have any DLP events at all, until I set up a repository and put a test file in it. Then I got 3 DLP events related to the repository being scanned.

I've gone through the docs etc. but I don't know what I'm missing. Does it have some dependency on some other blades I don't have installed? Any help would be appreciated!!!

Alex_Weldon · ‎2018-09-13

Well in order to see DLP alerts caused by web uploads etc. you need HTTPS inspection in place. Then if you are looking to inspect exchange traffic you will need an exchange agent on the servers to inspect the mail.

Karim_Alim · ‎2018-09-13

Thanks for the reply!

I hadn't realized I needed HTTPS Inspection to do DLP inspection of HTTP 🙂 so I went ahead and set that up. Firewall logs did show a new flurry of yellow "HTTP Inspection Action" of "Inspect," so I guess that's working correctly...?

Still no additional DLP alerts/log entries, though! Any suggestions? Thanks for your help!

Alex_Weldon · ‎2018-09-14

Well standard HTTP will of course be inspected by default but currently represents just a fraction of most standard traffic (we are mostly HTTPS). What's the DLP policy look like? And are you running exchange agents to inspect the email traffic?