Toronto Data Loss Prevention User Group


Unable to see HTTPS event in the Data Loss Prevention

  • 1.  Unable to see HTTPS event in the Data Loss Prevention

    Posted Apr 08, 2018 01:06 PM

    Hello

    Here is the connection: SSL Box <-> AMP (Advanced Malware Protection) <-> Test Proxy -> DLP. For testing purposes, I tried generating an HTTPS event (opened an HTTPS site for my test) to check if the same event is triggered as an incident in the DLP. I'm able to see that HTTPS site in the SSL Session Log as being Decrypted (Correlated Proxy Flow) - Success; unfortunately, I can't find the incidents for the same in the DLP.

    Please help

     



  • 2.  RE: Unable to see HTTPS event in the Data Loss Prevention

    Posted Apr 18, 2018 02:22 AM

    Hi,

    You need to use Network Monitor in TAP mode, wherein you send the traffic to Network Monitor. You also need to create a policy in DLP based on a keyword so that it triggers an incident.

    Thanks,

    -Syed Hussain



  • 3.  RE: Unable to see HTTPS event in the Data Loss Prevention

    Posted May 08, 2018 10:23 AM

    Thanks, Syed. Will do.