I would like to get more details about the files the user uploads to the Google Drive over HTTPS, using the Internet Explorer. I have configured successfully the policy to catch such an activity based on URL (drive.google.com), but because of magical AJAX-ed Google upload in progress, I am not able to get any valuable details from the request. Especially the name and path of the source file being uploaded is missing.
Do you know, is there any customization of DLP agent available to be able to extract such a details?
In general, DLP is blind here. I can only block everything on my proxy. Which is not the required state.
Thank you in advance,
please refer below
I am sorry, I have already searched through the forums. I do not want to block it, I want to monitor it and the DLP Agent is unable to get the details now.
I read ur query and understand ur query. I think this might be hapened due to poor policy defination and config. U need to chcek ur policy rules to find the problem. As on endpoint u can monitor and block all ftp,http and https communication but on networkk for https u need web DLP.
IF even ur policy is perfect and u need to find required details which u want then I best way I recommend integrate it with SSIM .this will answer ur question.
I know this is not an easy topic. I have a good policies collecting events for example inside HTTP communication on Google Mail through proxy. But, when it comes to the local DLP Agent based ability, when monitoring the HTTPS inside IE, it is weak. It can get some easy POST's (don't know for PUT's), but it is not able to get details from the complex async upload dialog of Google Drive. (Even, I think the SPDY is not supported in IE 8 - internal business requirement.)
I personally think, the HTTP network probe can do more and this may be missing from the local DLP Agent, unfortunately. I have tested it with this result.
Hi pavel ,
please let me know what exactly u expect or required ?