Help Center

Third-party software Contact us

Configuring alerts in Endpoint DLP

Follow the steps below to view the default alert profiles in DataSecurity Plus' Endpoint DLP solution:

  • Click the Endpoint tab. Go to Configuration > Settings > Alert Configuration.
  • Choose the Alert Profile you want to view, and click the edit option to see how the profile is configured.
  • Check out the profile details and Criteria used to define the rule.
  • You can also configure a response action for the alert.

Note: The move response supports only the following UNC formats:

\\MachineName\HiddenDriveShare\

\\MachineName\Share\Folder\

Example 1: To move a file to folder Myfolder within drive C in server S01, configure the destination path as \\S01\C$\Myfolder

Example 2: To move a file to folder Myfolder within Myshare in server S01, configure the destination path as \\S01\Myshare\Myfolder

How to write and use custom scripts in DataSecurity Plus

Choose your response to a triggered alert from the predefined scripts available or write your own.

Step 1- Add the script file path

Enter the path of the script file you want to execute in the designated text box. Check the examples below for reference.

Example 1: "[installation_directory]\bin\alertScripts\Shutdown.exe"

Example 2: For .ps1 script files, prefix the script file path with powershell.exe -file.
powershell.exe -file "[installation_directory]\bin\alertScripts\disableNetwork.ps1"

Example 3: wscript "[installation_directory]\bin\alertScripts\blockUSB.vbs"

Note: All alert scripts should be located within the [installation_directory]\bin\alertScripts folder.

Step 2- Choose arguments from the drop-down

Choose additional event parameters to be passed as command line arguments. If you want to pass multiple arguments, select the arguments in the order in which you want to pass them.

Example: To disable any user from the network when a ransomware file is injected into the server, configure the settings using the below details.

User Object = In = ALL

Action = In = File Extension Change

File Type Category = In = Ransomware Encrypted

Script file path: "[installation_directory]\bin\alertScripts\disableNetwork.ps1"

Arguments: Source

Don't see what you're looking for?

  • Visit our community

    Post your questions in the forum.

     
  • Request additional resources

    Send us your requirements.