You have sensitive data in your environment that you need to keep secure. The framework in this content pack provides easy-to-view metrics that offer a quick status check of sensitive data locations. It also identifies possible data exfiltration and includes a logical workflow for reviewing user interactions with sensitive information: who is viewing it, what is being viewed, and to whom the information is being sent. In addition, it provides rapid insight into specific users and activity from possible insider threats to help stop data exfiltration immediately.

Content Pack Components


Focused on specific file or data events that interact with resources containing sensitive data.

  • Exfiltration – Possible Exfiltration


Useful for providing regular summary data to interested parties.

  • Exfiltration – Data Leakage Analysis
  • Exfiltration – Insider Threat Analysis




Shows activity that stems from system interaction on the network involving sensitive data locations or user-centric events and zone-specific scenarios.

  • Exfiltration – High-Value Host Activity
  • Exfiltration – Potential Insider Threat Activity
  • Exfiltration – DLP Device Activity
  • Exfiltration – Zone Exfiltration Summary

Correlation Rules

Focused on data-related events that interact with the high-value hosts, tracking them and determining which users trigger the rules.

  • Exfiltration – Abnormal Communication and Exfiltration from High-Value Host – Events and Flows
  • Exfiltration - FTP Traffic with High-Value Host
  • Exfiltration – High Number of File Status Events on High-Value Hosts
  • Exfiltration - IM Client File Transfers with High-Value Hosts
  • Exfiltration - P2P Activity with High-Value Hosts


Keep track of resources on the network that contain a degree of sensitive information or specific users that have interacted with these sensitive resources.

  • High Value Hosts
  • Exfiltration – Possible User Threats
  • Exfiltration – User Whitelist

Required Products

  • McAfee Enterprise Security Manager (ESM) 11.x, 10.x
  • McAfee Advanced Correlation Engine (ACE) 11.x, 10.x

Download Content Pack

Registered ServicePortal users can log in to access the Knowledge Center for further documentation or to download the content pack file manually.
