28th March 2024

Adding Different Users to a Role for the DLP Product on McAfee ePO

To operate the DLP (Data Loss/Leak Prevention) process, you may need to grant authorization to representatives from different units in your institution through McAfee ePO. To do this, we will look at which authorizations each user needs and which incidents and dashboards they need to see. In this example, we will authorize personnel in only one unit and let them see the incidents in their own unit.

Setting “Permission Sets”

First, we click on the “Menu -> Permission Sets” button on McAfee ePO.

Permission Sets

On the “Permission Sets” screen, click the “New Permission Set” button at the top.

New Permission Set

In the “New Permission Set” screen, you can use the unit name as the name. As an example, we used “Finance group”. Exit by clicking the “Save” button.

Group Permission Set

We select the “Finance group” that we created in the “Permission Set” settings. Here we click the “Edit” button for the “Data Loss Prevention:” tab.

Data Loss Prevention:

Since we want the user to see only the incidents, we select the “Incident Management” tab on this screen. In the “Incident Access by Type” section, we select the “Data Protection”, “Endpoint Discovery (data at rest)” and “Network Discovery (data at rest)” fields. In the “Incidents Access by Reviewer (advanced)” section, we select the permission set that we have created. You can choose the other settings as you wish. Exit by clicking the “Save” button.

Incident Management

Setting “DLP Incident Manager”

Secondly, we will configure the “DLP Incident Manager” settings. For this, we click on the “Menu -> DLP Incident Manager” button on McAfee ePO.

DLP Incident Manager

On the “DLP Incident Manager” page, we click on the “Incident Tasks” option. Click on the “Set Reviewer” section. Click the “Actions -> New Rule” button at the bottom.

Incident Tasks

On the “Task Rule” page, we enter the rule name in the “Name” field. In the “Reviewer” section, we select the group we made in the “Permission Set” settings. Continue by clicking the “Next” button.

dlp Task Rule

On the “Rule Criteria” page, we select the “Rule Set Name” criterion on the left. We choose the rule we created. Close by clicking the “Save” button.

Rule Criteria

User Creation and Settings

As the third step, we will create the user and assign the sets we created to that user. For this, we click on the “Menu -> Users” button on McAfee ePO.

Users

Click the “New User” button at the top of the “Users” screen.

New User

Here, enter the user’s job in the “User name” field. If Active Directory is used in the environment, you can add a user from the “Windows authentication” section. If not, you can create a user via ePO from the “ePO authentication” section. The important thing here is the “Manually assigned permission sets” part. Here we select the “Permission set” that we created. We choose the “Finance group” set. Exit by clicking the “Save” button.

Create a new user on McAfee DLP

McAfee ePolicy Orchestrator

We log in to “ePolicy Orchestrator” with the user we created.

ePolicy Orchestrator

We can see a limited number of categories on the screen as a result of the authorizations we have given for the user we have created. Here we click on the “Menu -> DLP Incident Manager” tab.

DLP Incident Manager

On the “DLP Incident Manager” page, we click on the “Incident List” tab. Here we can see only the logs belonging to the Finance directorate. This is the rule we wanted: each directorate sees only its own logs, without any further authorization being given.

Incident List