This website uses cookies. By clicking OK, you consent to the use of cookies. Click Here to learn more about how we use cookies.
OK
ABOUT CHECKMATES & FAQ
Create a Post
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Help
Karim_Alim
Explorer
‎2018-09-13 11:24 AM

Why isn't DLP logging anything?

Hi,

Trying to set up DLP on a standalone R80.10 in AWS.  The blade is installed, but I can't seem to get it to log events or perform any actual DLP activity.

I didn't have any DLP events at all, until I set up a repository and put a test file in it.  Then I got 3 DLP events related to the repository being scanned.

I've gone through the docs etc. but I don't know what I'm missing.  Does it have some dependency on some other blades I don't have installed?  Any help would be appreciated!!!

3 Replies
Alex_Weldon
Contributor
‎2018-09-13 11:47 AM

Well in order to see DLP alerts caused by web uploads etc. you need HTTPS inspection in place. Then if you are looking to inspect exchange traffic you will need an exchange agent on the servers to inspect the mail.

0 Kudos
Karim_Alim
Explorer
‎2018-09-13 04:41 PM
In response to Alex_Weldon

Thanks for the reply!

I hadn't realized I needed HTTPS Inspection to do DLP inspection of HTTP 🙂 so I went ahead and set that up.  Firewall logs did show a new flurry of yellow "HTTP Inspection Action" of "Inspect," so I guess that's working correctly...?

Still no additional DLP alerts/log entries, though!  Any suggestions?  Thanks for your help!

0 Kudos
Alex_Weldon
Contributor
‎2018-09-14 05:51 AM
In response to Karim_Alim

Well standard HTTP will of course be inspected by default but currently represents just a fraction of most standard traffic (we are mostly HTTPS). What's the DLP policy look like? And are you running exchange agents to inspect the email traffic?

0 Kudos
Labels