I have 2 detection servers Network Monitor 15.1 in 2 different core switches but checking the incidents HTTPS are generated without having the HTTPS protocol enabled, someone can explain me why it generates this type of incidents or within this new version it already detects the encrypted traffic HTTPS Network Monitor natively.
Thanks and regards.
As HTTPS is encrypted I can't see anyway of this being monitored unless DLP was provided the key for each connection, could you provide a screenshot example of the incidents being raised?
This sounds more like a policy is triggering something incorrectly; for example reporting on encrypted traffic which would create an incident for every HTTPS request leaving the network,
DLP Network Monitor does not monitor HTTPS protocol without another product like Symantec SSL Visibility that send the traffic unencrypted. Could you tell us what DLP detection server you already have registered on the Enforce server? If you have DLP Endpoint detection server, you could see HTTPS incidents.