Hi,
Trying to set up DLP on a standalone R80.10 in AWS. The blade is installed, but I can't seem to get it to log events or perform any actual DLP activity.
I didn't have any DLP events at all, until I set up a repository and put a test file in it. Then I got 3 DLP events related to the repository being scanned.
I've gone through the docs etc. but I don't know what I'm missing. Does it have some dependency on some other blades I don't have installed? Any help would be appreciated!!!
Well, in order to see DLP alerts caused by web uploads etc., you need HTTPS inspection in place. Then, if you are looking to inspect Exchange traffic, you will need an Exchange agent on the servers to inspect the mail.
Thanks for the reply!
I hadn't realized I needed HTTPS Inspection to do DLP inspection of HTTP 🙂 so I went ahead and set that up. Firewall logs did show a new flurry of yellow "HTTP Inspection Action" of "Inspect," so I guess that's working correctly...?
Still no additional DLP alerts/log entries, though! Any suggestions? Thanks for your help!
Well, standard HTTP will of course be inspected by default, but it currently represents just a fraction of most standard traffic (we are mostly HTTPS). What does the DLP policy look like? And are you running Exchange agents to inspect the email traffic?