Data Exfiltration Content Pack

Overview

You have sensitive data in your environment and you need to keep it secure. This content pack provides a framework with three parts: easy-to-view metrics that give a quick status check of sensitive data locations and flag possible data exfiltration; a logical workflow for reviewing user interactions with sensitive information, including who is viewing it, what is being viewed, and to whom it is being sent; and rapid insight into specific users and activity associated with possible insider threats, to help stop data exfiltration immediately.

Content Pack Components

Alarms

Focused on specific file or data events that interact with resources containing sensitive data.

  • Exfiltration – Possible Exfiltration

Reports

Useful for providing regular summary data to interested parties.

  • Exfiltration – Date Leakage Analysis
  • Exfiltration – Insider Threat Analysis

Variables

  • FTP_SERVERS

Views

Shows activity that stems from system interaction on the network involving sensitive data locations or user-centric events and zone-specific scenarios.

  • Exfiltration – High-Value Host Activity
  • Exfiltration – Potential Insider Threat Activity
  • Exfiltration – DLP Device Activity
  • Exfiltration – Zone Exfiltration Summary

Correlation Rules

Focused on data-related events that interact with the high-value hosts, tracking them and determining which users trigger the rules.

  • Exfiltration – Abnormal Communication and Exfiltration from High-Value Host – Events and Flows
  • Exfiltration - FTP Traffic with High-Value Host
  • Exfiltration – High Number of File Status Events on High-Value Hosts
  • Exfiltration - IM Client File Transfers with High-Value Hosts
  • Exfiltration - P2P Activity with High-Value Hosts

Watchlists

Keep track of resources on the network that contain a degree of sensitive information or specific users that have interacted with these sensitive resources.

  • High Value Hosts
  • Exfiltration – Possible User Threats
  • Exfiltration – User Whitelist

Required Products

  • McAfee Enterprise Security Manager (ESM) 10.0.x, 9.6.x, 9.5.x
  • McAfee Advanced Correlation Engine (ACE) 10.0.x, 9.6.x, 9.5.x

Download the Content Pack

If you are registered with the ServicePortal, log in to the Knowledge Center to get the detailed documentation. You can also download the content pack file there.