McAfee DTP-165C-DPVG Installation Guide - Page 42
Testing the system, Basic Search
Page 42 highlights
5 Configuring McAfee DLP appliances and adding servers

Task

1 Log on as root to the McAfee DLP appliance.

2 Stop the NTP daemon.

    # service ntpd stop
    # chkconfig --level 2345 ntpd off

3 Restart the NTP daemon.

    # service ntpd start
    # chkconfig --level 2345 ntpd on

The service command will control the service while the system is running; the chkconfig commands will control what happens at boot time.

Testing the system

If your system doesn't appear to be generating incidents after it is installed, you can take steps to ensure that it is configured correctly.

Table 5-1 Configuration checklist

Check: Are appliance connections complete?
Explanation: Status icons display health of each managed appliance.
Action: On the System page, check to see if the Status icon is green. If status is Registering or Unknown, wait until the process is complete (you might want to refresh the page). Critical systems must be reinstalled.

Check: Are policies activated?
Explanation: If policies are not activated during the setup phase, their rules cannot be matched to network data.
Action: On the Policies page, check the State column. If policies are inactive, select policy boxes, then select Activate from the Actions menu.

Check: Is the timestamp filter set?
Explanation: The default is Previous 24 hours to keep the system from producing unmanageable numbers of results.
Action: On the Incidents page, set Filter by to a longer time period. If the system was recently installed, it will need some lead time for data capture and analysis.

Check: Are capture filters set?
Explanation: The system might have been set up to block traffic that is needed to meet your protection strategy.
Action: On the System | Capture Filters page, remove filters that might be blocking traffic. For example, the RFC 1918 filter blocks internal IP addresses.

Check: Are common keywords producing results?
Explanation: If data is being captured, you will be able to find keywords that are commonly found in your network traffic - for example, your company name.
Action: On the Basic Search page, type in a common keyword that can be found in captured data.

Check: Does changing the dashboard view display different results?
Explanation: Data-in-Motion, Data-at-Rest, and Data-in-Use dashboards display results in network traffic, repositories and endpoints.
Action: On the System page, check to see if the corresponding products are installed.

Check: Are existing filters blocking significant results?
Explanation: When filters are set, only the configured results are visible on the dashboard.
Action: On the Incidents page, click Clear All in the Filter by frame.

McAfee Data Loss Prevention 9.2.0 Installation Guide
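To verify the NTP task above, the following added example (not part of the McAfee guide) compares the daemon's running state with its boot-time state for runlevels 2 to 5, so a mismatch is caught before the next reboot. The function names and sample lines are constructed for illustration, and it assumes `chkconfig --list ntpd` prints the usual per-runlevel `N:on` / `N:off` fields.

```shell
#!/bin/sh
# Added example: classify ntpd's boot-time state from `chkconfig --list ntpd`
# output. Levels 2, 3, 4 and 5 are the ones `--level 2345` changes.

# Constructed sample lines in the format `chkconfig --list <service>` prints.
SAMPLE_ON='ntpd            0:off   1:off   2:on    3:on    4:on    5:on    6:off'
SAMPLE_OFF='ntpd            0:off   1:off   2:off   3:off   4:off   5:off   6:off'
SAMPLE_MIXED='ntpd            0:off   1:off   2:off   3:on    4:on    5:on    6:off'

# ntpd_boot_state LINE -> prints enabled | disabled | partial | unknown
# (hypothetical helper name; LINE is one line of chkconfig --list output)
ntpd_boot_state() {
    on=0; off=0
    for field in $1; do
        case "$field" in
            [2345]:on)  on=$((on + 1)) ;;
            [2345]:off) off=$((off + 1)) ;;
        esac
    done
    if [ "$on" -eq 4 ]; then echo enabled
    elif [ "$off" -eq 4 ]; then echo disabled
    elif [ $((on + off)) -eq 4 ]; then echo partial
    else echo unknown    # line missing or not in the expected format
    fi
}

# check_ntpd: run as root on the appliance. Returns 0 only when the running
# state and the boot-time state agree (both on, or both off).
check_ntpd() {
    if service ntpd status >/dev/null 2>&1; then running=yes; else running=no; fi
    boot=$(ntpd_boot_state "$(chkconfig --list ntpd 2>/dev/null)")
    echo "running=$running boot=$boot"
    case "$running/$boot" in
        yes/enabled|no/disabled) return 0 ;;
        *) return 1 ;;   # state will change at reboot, or could not be read
    esac
}

# Offline demonstration on the constructed samples.
ntpd_boot_state "$SAMPLE_ON"
ntpd_boot_state "$SAMPLE_OFF"
ntpd_boot_state "$SAMPLE_MIXED"
```

On the appliance itself, call `check_ntpd` after step 3; a non-zero exit status means the `service` and `chkconfig` steps left the daemon in different states.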