Data Loss Prevention Scans
-
Click 'Security' > 'Endpoint Security' > 'Data Loss Prevention'
DLP scans let you search managed endpoints for sensitive data like card numbers, social security numbers and bank account numbers.
-
You first create the discovery scan rules at 'Assets' > 'Configuration Templates' > 'Data Loss Prevention'
-
You then add a 'Data Loss Prevention' section to a profile:
-
Click 'Assets' > 'Configuration Templates' > 'Profiles' > click the name of a Windows profile
-
Click 'Add Profile Section' > 'Data Loss Prevention'
-
Click the 'Add' button, then add the discovery rules you created in step 1.
-
Save the profile. The scan can run on all devices on which the profile is active.
'Security'
> 'Endpoint Security' > 'Data Loss Prevention' lets you run the
scans and view the results of those scans:
The area lets you:
-
View devices on which DLP scans are active
-
Manually run DLP scans on selected devices
-
View log of files that contain sensitive information
-
View files quarantined by the DLP system on endpoints
Click the following links for help with each tab:
-
Click 'Security' > 'Endpoint Security' > 'Data Loss Prevention'
-
Select the 'Device List' tab
Select a group to view devices in that group
Or
Select 'Show all' to view every device enrolled to Xcitium
-
The interface shows devices on which DLP scans are active:
Column Heading |
Description |
---|---|
Name |
The label of the device on which the scan was run.
|
Logged in User |
The name of the user currently signed-in to the device. The username is prefixed with the active directory (AD) domain or workgroup to which the user belongs:
|
Rule Name |
The DLP rule under which the last scan was run.
|
Rule State |
The status of the last scan. The possible values are:
|
Scan Date |
Date and time of the last scan |
Details |
View files containing sensitive information that were found on the device.
|
Controls |
|
Action on Endpoint |
Run a manual scan on selected devices. See Run DLP Scans for more details. |
-
Click 'Security' > 'Endpoint Security' > 'Data Loss Prevention'
-
Select the 'Device List' tab
-
Select a group to view devices in that group
Or
-
Select 'Show all' to view every device enrolled to Xcitium
-
Select your target devices
-
Click 'Action on Endpoint' > 'Run all discoveries':
-
The scan command is sent to the selected devices.
-
Click the 'Details' link when the scan finishes to view files containing sensitive information
-
See DLP Logs to read more about the scan results.