RSA DLP Endpoint User Guide
Total Page:16
File Type:pdf, Size:1020Kb
RSA DLP 9.5 Endpoint User Guide Copyright and Trademark Contact Information Go to the RSA corporate website for regional Customer Support telephone and fax numbers: www.emc.com/domains/rsa/ index.htm Trademarks RSA, the RSA Logo and EMC are either registered trademarks or trademarks of EMC Corporation in the United States and/or other countries. All other trademarks used herein are the property of their respective owners. For a list of EMC trademarks, go to www.emc.com/legal/emc-corporation-trademarks.htm. License Agreement This software and the associated documentation are proprietary and confidential to EMC, are furnished under license, and may be used and copied only in accordance with the terms of such license and with the inclusion of the copyright notice below. This software and the documentation, and any copies thereof, may not be provided or otherwise made available to any other person. No title to or ownership of the software or documentation or any intellectual property rights thereto is hereby transferred. Any unauthorized use or reproduction of this software and the documentation may be subject to civil and/or criminal liability. This software is subject to change without notice and should not be construed as a commitment by EMC. Third-Party Licenses This product may include software developed by parties other than RSA. The text of the license agreements applicable to third-party software in this product may be viewed in the thirdpartylicenses_DLP_9.5.pdf file. Note on Encryption Technologies This product may contain encryption technology. Many countries prohibit or restrict the use, import, or export of encryption technologies, and current use, import, and export regulations should be followed when using, importing or exporting this product. Distribution Use, copying, and distribution of any EMC software described in this publication requires an applicable software license. EMC believes the information in this publication is accurate as of its publication date. The information is subject to change without notice. THE INFORMATION IN THIS PUBLICATION IS PROVIDED "AS IS." EMC CORPORATION MAKES NO REPRESENTATIONS OR WARRANTIES OF ANY KIND WITH RESPECT TO THE INFORMATION IN THIS PUBLICATION, AND SPECIFICALLY DISCLAIMS IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. Copyright © 2012 EMC Corporation. All Rights Reserved. Published in the USA. September 2012 RSA DLP 9.5 Endpoint User Guide Contents Preface ....................................................................................................................................11 About This Guide...............................................................................................................11 Product Version ..........................................................................................................11 Organization of This Book .........................................................................................11 RSA DLP Documentation................................................................................................. 13 Related Documentation.............................................................................................. 13 RSA Support and Service ................................................................................................. 14 RSA DLP Customer Support..................................................................................... 14 RSA DLP Consulting Services.................................................................................. 15 RSA DLP Education Services ................................................................................... 15 Contact RSA .............................................................................................................. 15 Part I: Using DLP Endpoint ............................................................................. 17 Chapter 1: Getting Started as a User ............................................................................. 19 Preventing Data Loss or Misuse ....................................................................................... 19 Why Protect Sensitive Information?.......................................................................... 19 About the RSA Data Loss Prevention ....................................................................... 20 About Policies and Content Analysis ........................................................................ 21 Using Enterprise Manager ................................................................................................ 21 About DLP Enterprise Manager ................................................................................ 22 Logging Into Enterprise Manager.............................................................................. 22 Viewing Risk Summaries and Reports ...................................................................... 23 Handling Incidents..................................................................................................... 23 Viewing and Editing Your User Profile .................................................................... 24 Using Enterprise Manager with DLP Endpoint......................................................... 25 Chapter 2: Managing Incidents........................................................................................ 27 Understanding Incidents and Events................................................................................. 27 The Incident List ...............................................................................................................28 Search for Incidents ................................................................................................... 31 View Incident Details ................................................................................................ 31 Manage Incidents Using the Action Links ................................................................ 31 Select the Columns to be Displayed in the Incident List........................................... 32 Export Search Results................................................................................................ 32 E-mail Search Results................................................................................................ 33 Schedule E-mail Notification of Search Results........................................................ 33 Contents 3 RSA DLP 9.5 Endpoint User Guide Save a Search............................................................................................................. 34 Run a Saved Search ................................................................................................... 35 Manage Saved Searches............................................................................................. 35 Customize Search Criteria ......................................................................................... 36 Incident List Columns................................................................................................ 37 Handling Incidents ............................................................................................................ 39 Handling an Endpoint Incident.................................................................................. 40 Incident Action .......................................................................................................... 45 Managing Incident Statuses .............................................................................................. 52 Create a Custom Incident Status................................................................................ 52 View Incident Status Details...................................................................................... 52 Edit a Custom Incident Status.................................................................................... 53 Set a Default Incident Status...................................................................................... 53 Re-order Incident Statuses ......................................................................................... 54 Delete Custom Incident Status................................................................................... 54 Chapter 3: Viewing Events................................................................................................ 57 About Events..................................................................................................................... 57 The Event List................................................................................................................... 59 Search for Events ....................................................................................................... 61 View Event Details .................................................................................................... 61 Select the Columns to be Displayed in the Event List............................................... 62 Export Search Results................................................................................................ 62 E-mail Search Results................................................................................................ 63 Schedule E-mail Notification of Search Results........................................................ 63 Save a Search............................................................................................................. 64 Run a Saved Search ..................................................................................................