
Solution Guide

McAfee Cloud Data Protection Beta

For use with McAfee ePolicy Orchestrator Cloud

McAfee Cloud Data Protection Beta Release 21-Mar-2017


COPYRIGHT

© 2017 Intel Corporation

TRADEMARK ATTRIBUTIONS

Intel and the Intel logo are registered trademarks of the Intel Corporation in the US and/or other countries. McAfee and the McAfee logo, McAfee Active Protection, McAfee DeepSAFE, ePolicy Orchestrator, McAfee ePO, McAfee EMM, McAfee Evader, Foundscore, Foundstone, Global Threat Intelligence, McAfee LiveSafe, Policy Lab, McAfee QuickClean, Safe Eyes, McAfee SECURE, McAfee Shredder, SiteAdvisor, McAfee Stinger, McAfee TechMaster, McAfee Total Protection, TrustedSource, VirusScan are registered trademarks or trademarks of McAfee, Inc. or its subsidiaries in the US and other countries. Other marks and brands may be claimed as the property of others.

LICENSE INFORMATION

License Agreement

NOTICE TO ALL USERS: CAREFULLY READ THE APPROPRIATE LEGAL AGREEMENT CORRESPONDING TO THE LICENSE YOU PURCHASED, WHICH SETS FORTH THE GENERAL TERMS AND CONDITIONS FOR THE USE OF THE LICENSED SOFTWARE. IF YOU DO NOT KNOW WHICH TYPE OF LICENSE YOU HAVE ACQUIRED, PLEASE CONSULT THE SALES AND OTHER RELATED LICENSE GRANT OR PURCHASE ORDER DOCUMENTS THAT ACCOMPANY YOUR SOFTWARE PACKAGING OR THAT YOU HAVE RECEIVED SEPARATELY AS PART OF THE PURCHASE (AS A BOOKLET, A FILE ON THE PRODUCT CD, OR A FILE AVAILABLE ON THE WEBSITE FROM WHICH YOU DOWNLOADED THE SOFTWARE PACKAGE). IF YOU DO NOT AGREE TO ALL OF THE TERMS SET FORTH IN THE AGREEMENT, DO NOT INSTALL THE SOFTWARE. IF APPLICABLE, YOU MAY RETURN THE PRODUCT TO MCAFEE OR THE PLACE OF PURCHASE FOR A FULL REFUND.


Contents

Preface
    About this guide
        Audience
        Conventions
    Find product documentation

1 Solution overview
    Key features
    How McAfee Cloud Data Protection works

2 Working with McAfee Cloud Data Protection
    Understanding the Cloud Protection Workspace page
        The summary card
        The Applications List card
        The Applications Overview card
        The Events Overview card
        The Application Details card
    Working with Cloud Protection Workspace
        Connecting to 3rd-party cloud services
        Viewing the data
    Using the Policy Browser
        Viewing feature policies
        Viewing rules
        About exceptions
        Viewing catalogs
    Download and install SSL certificates
    Working with user groups
        Active Directory synchronization
        Add a local user group
        Edit the local user group
    Working with rules and feature policies
        Add a rule
        Create a rule by importing a URL list
        Create a rule using exceptions
        Change a rule
        Reorder the rules
        Delete a rule
        Change a feature policy
        Change Policy Assignment
    View audit logs
        Export the audit logs
    Error conditions
        Data errors
        Network connection errors
        Saving errors

Index

Preface

This guide provides the information you need to work with your McAfee product.

Contents

• About this guide

• Find product documentation

About this guide

This information describes the guide's target audience, the typographical conventions and icons used in this guide, and how the guide is organized.

Audience

McAfee documentation is carefully researched and written for the target audience.

The information in this guide is intended primarily for:

• Administrators — People who implement and enforce the company's security program.

Conventions

This guide uses these typographical conventions and icons.

Italic           Title of a book, chapter, or topic; a new term; emphasis
Bold             Text that is emphasized
Monospace        Commands and other text that the user types; a code sample; a displayed message
Narrow Bold      Words from the product interface like options, menus, buttons, and dialog boxes
Hypertext blue   A link to a topic or to an external website

Note: Extra information to emphasize a point, remind the reader of something, or provide an alternative method

Tip: Best practice information

Caution: Important advice to protect your computer system, software installation, network, business, or data

Warning: Critical advice to prevent bodily harm when using a hardware product


Find product documentation

On the ServicePortal, you can find information about a released product, including product documentation, technical articles, and more.

Task

1 Go to the ServicePortal at https://support.mcafee.com and click the Knowledge Center tab.

2 In the Knowledge Base pane under Content Source, click Product Documentation.

3 Select a product and version, then click Search to display a list of documents.


1 Solution overview

McAfee® Cloud Data Protection provides visibility, insight, and control of the use of third-party cloud applications — often referred to as 'shadow IT' — in your organization.

McAfee Cloud Data Protection shows the files and folders that your users are moving, storing, and retrieving from third-party cloud services. You can view the classifications for the information being moved, and answer questions such as:

• Are approved corporate cloud applications being used?

• Is the information confidential?

• Does it contain content that must comply with regulatory requirements?

McAfee Cloud Data Protection collects information from a number of sources, including the following on-premise products:

• McAfee® Data Loss Prevention (McAfee DLP)

• McAfee® File and Removable Media Protection (FRP)

• McAfee® Web Gateway

• Blue Coat Proxy SG*

*Other marks and brands may be claimed as the property of others.

Information is also collected from McAfee® Web Gateway Cloud Service (McAfee® WGCS).

When you understand your data and where it resides, you can create common policies to apply to your data, wherever it is located.

With common policies, you can define and enforce encryption, and guide how end-users treat data (for example, if they are using personal cloud application accounts to move data, coach them about using corporate-approved applications). In this way, you maintain compliance with regulatory requirements with increased efficiency and stronger levels of protection.

Contents

• Key features

• How McAfee Cloud Data Protection works

Key features

McAfee Cloud Data Protection provides visibility, insight, and control of the shadow IT activities in your organization.

Information ingestion

To provide visibility of your data, McAfee Cloud Data Protection takes metadata from products installed in your environment and in the cloud.


These products include:

• McAfee DLP

• McAfee Web Gateway Cloud Service

• McAfee Web Gateway

• Blue Coat Proxy SG*

*Other marks and brands may be claimed as the property of others.

The metadata about the data and its encryption status, your users and their interactions with cloud applications, and the data classifications is sent to McAfee Cloud Data Protection.

Risk analysis

The collected metadata is analyzed and compared to the details held in the McAfee application risk database (AppRisk Database). The AppRisk Database provides information that helps you carry out risk assessment for web-based applications and services.

McAfee Cloud Data Protection and other McAfee products use this database to understand, evaluate, and assess the complex technical services of your cloud applications. The analysis is based on business requirements and translates them into a Risk score.

The lower the Risk score, the safer or more reliable the application is.

McAfee Cloud Data Protection reports the Risk score, alongside information about your users, their interactions, and the data they move.

Data visualization

With the metadata about how your organization moves data and interacts with third-party cloud applications and services available, McAfee Cloud Data Protection provides options about how you view that metadata. Use the Cloud Protection Workspace to view graphs and tables, to better understand where your data resides, who accesses and moves it, and its encryption status. The McAfee ePO Cloud Dashboards and Queries & Reports pages provide further options to view this data.

Data control

Knowing what is happening to your data enables you to configure policies to better control that data. Policies and rules created in the McAfee ePO Cloud Unified Security Policy page are applied to the relevant McAfee products, whether in the cloud or on-premise.

As an example, you can configure a policy so that all documents classified with financial information are encrypted using the encryption keys assigned to the Finance team. This configuration is then passed to McAfee File and Removable Media Protection on your users' devices to enforce this requirement to encrypt financial data. This configuration is also used by McAfee Key Management Server to ensure the correct encryption keys are used.


How McAfee Cloud Data Protection works

McAfee Cloud Data Protection takes metadata about the information your users are placing on third-party cloud applications, and provides it in formats you can easily visualize. When you understand how your users are moving data, you can create policies to control that data.

The stages to use McAfee Cloud Data Protection are:

• Visualize your data.

• Control the data by configuring policies.

Visualize your data

Gaining visibility of your data allows you to evaluate some risks surrounding your organization. McAfeeCloud Data Protection provides insight into:

• Application risk

• Data risk

• User risk

With knowledge of these risk areas, you can ask the questions needed to further understand the issues you face.

Questions around the applications being used include: What risk does a specific cloud application pose to your organization? Do you have sanctioned cloud applications that you would rather users use? Does a cloud application meet specific regulatory compliance?

For data risks, questions include: If this information (data) was leaked, what risk does it pose? Does it contain personally identifiable information (PII)? Is this file being stored or classified properly?

Information about the risks associated with your users might raise the following questions: Are users handling sensitive data properly? How much data are your users storing in third-party cloud applications? Based on user need, do we need to invest in an enterprise cloud storage application?

The first step to visualize your data is to connect your data sources to McAfee Cloud Data Protection. Suitable data sources include:

• McAfee® Web Gateway (by manual log file upload)

• McAfee® Web Gateway Cloud Service (McAfee® WGCS)

• McAfee® Data Loss Prevention (McAfee DLP)

• Blue Coat Proxy SG* (by manual log file upload)

*Other marks and brands may be claimed as the property of others.

When your data sources are connected to McAfee Cloud Data Protection, use the Cloud Protection Workspace page to view the connected data. Information about how your data has moved from endpoints, across your network, and to the cloud is presented. Depending on the sources for this data, further information is displayed, such as:

• The data classifications for each file.

• The type of data event.


• The users moving the data.

• The cloud applications or platforms used to move or store the data.

Figure 1-1 Data flow for visualization

Table 1-1 Key to workflow

Step Description

User uploads a file to a third-party cloud application.

McAfee Data Loss Prevention scans document.

McAfee Cloud Data Protection acquires data from McAfee Data Loss Prevention.

Data is manually imported from McAfee Web Gateway or Blue Coat Proxy SG*.

Data is automatically acquired from McAfee Web Gateway Cloud Service.

Data from all sources is visible on the Cloud Protection Workspace page.

Table 1-2 Key to components

Number Description

Customer environment

User endpoint devices


Document

McAfee Data Loss Prevention

Third-party cloud application

McAfee Web Gateway or Blue Coat Proxy SG*

McAfee ePolicy Orchestrator Cloud

McAfee Cloud Reporting database

McAfee Web Gateway Cloud Service

McAfee Cloud Data Protection

Control the data by configuring policies

Once you understand your data in detail, including the risks due to the cloud applications, classifications, and regulatory requirements, design suitable policies to control the data.

Use the Unified Security Policy page in McAfee ePO Cloud to define these policies. These policies are then applied to the most relevant component in your McAfee Cloud Data Protection environment.

Figure 1-2 Data flow for controlling data


Table 1-3 Key to workflow

Step Description

Information obtained from connected third-party application.

Data from all sources is visible on the Cloud Protection Workspace page.

Administrator creates policies to encrypt data moving to the connected third-party cloud application.

McAfee File and Removable Media Protection enforces the policy on the user's endpoint device.

McAfee File and Removable Media Protection obtains the correct encryption keys from McAfee Key Management Server and encrypts the document.

Encrypted document is posted to the connected third-party cloud application.

Table 1-4 Key to components

Number Description

Customer environment

User endpoint devices with McAfee File and Removable Media Protection installed

Document

McAfee Data Loss Prevention

Third-party cloud application

McAfee Web Gateway or Blue Coat Proxy SG*

McAfee ePolicy Orchestrator Cloud

McAfee Cloud Reporting database

McAfee Web Gateway Cloud Service

McAfee Cloud Data Protection Cloud Protection Workspace page

McAfee Cloud Data Protection Unified Security Policy page

McAfee connectors for third-party cloud applications

McAfee Key Management Service

User tries to store an unencrypted document in a cloud application

By gaining visibility into how your users move and store existing data, you know that confidential financial data is being stored unencrypted in a particular cloud application. With this knowledge, define policies that encrypt all information categorized as both confidential and financial, using the encryption keys for the finance team. Also, if the cloud application does not comply with regulatory requirements, define rules to coach users about the risks associated with the cloud application, and suggest preferred options.

In this example, the policies you defined are applied to McAfee File and Removable Media Protection on the endpoints to encrypt the data. The policy is also applied to McAfee Key Management Server to make sure the correct encryption keys are used to encrypt this data. Furthermore, McAfee Data Loss Prevention receives instructions to provide coaching to your users, encouraging them to use sanctioned cloud applications.


2 Working with McAfee Cloud Data Protection

Contents

• Understanding the Cloud Protection Workspace page

• Working with Cloud Protection Workspace

• Using the Policy Browser

• Download and install SSL certificates

• Working with user groups

• Working with rules and feature policies

• View audit logs

• Error conditions

Understanding the Cloud Protection Workspace page

The Cloud Protection Workspace page displayed in McAfee® ePolicy Orchestrator® Cloud (McAfee® ePO™ Cloud) is designed around the concept of providing information contextually. The type of information presented to you varies depending on the task you are carrying out. Information can also change due to the data returned from your products, and the choices that you have made.

The Cloud Protection Workspace page uses cards to display information relevant to the current stage of your workflow. As you progress through the workflow, the cards are displayed or minimized to provide you with the required information at each stage.

The summary card

The summary card provides an at-a-glance overview of the current headline statistics. The summary card is located across the top of the Cloud Protection Workspace page in McAfee ePO Cloud.

The summary card shows the number of cloud-based applications that have events categorized as High Risk, Medium Risk, and Low Risk during the selected time range. The card also displays totals for the number of files that are encrypted and the number of events that have been blocked.

Figure 2-1 The summary card

Use the summary card to filter the information displayed on the whole page. For example, filtering the risk level on the summary card also filters the applications list, data visualization, and events cards.

On the right of the summary card is an indication of the time since the data displayed on the Cloud Protection Workspace page was last updated. Click the refresh icon to update the displayed information.


Select the time range for the data displayed on the Cloud Protection Workspace page by clicking the time range selector icon and selecting your required value.

Types of risk

The Cloud Protection Workspace provides information about the relative risk of cloud applications. Information about how these risks change due to user behavior is also reported.

The Cloud Protection Workspace user interface displays the following types of risk:

• Basic risk — the level of risk assigned to a cloud application, based on analysis of:

• Company Profile

• Legal considerations such as EULA, terms of service, and privacy policies

• Compliance — does the cloud application comply with national or international data requirements

• Intel Security measurements

• Authentication and Access Control

• Service Reliability and security

• Current risk — the current risk level is a combination of the basic risk for an application, and of user behaviors. Current risk is calculated for the currently selected time frame.

Color coding of risk categories

Understand how colors are used to show the reported levels of risk for applications displayed in the Data Protection user interface.

In the Data Protection user interface, the following colors are used when depicting different risk levels:

Table 2-1 Colors for risk levels

Color       Risk level
Red         High risk
Orange      Medium risk
Pale Blue   Low risk

This color coding is applied consistently across risk indicators and fonts to highlight the relative risk levels.


The Applications List card

View the cloud applications McAfee Cloud Data Protection has discovered. The Applications List card is on the left of the page.

Figure 2-2 The Applications List card

The Applications List card is divided into the following sections:

• Applications List headings with search bar, application-by-type filter, and column names.

Best practice: To change the sort order for the cloud applications, click the column headings.

• Advanced Protection

• Essential Protection

Applications List headings

The heading area provides the search bar, the application filter bar, and the column names for the information displayed in the Advanced Protection and Essential Protection sections.

Advanced Protection

Applications listed in the Advanced Protection area of the Applications List card are those applications for which McAfee has implemented application programming interfaces (APIs). APIs allow close integration between the application and McAfee Cloud Data Protection.


The columns display the number of high-risk and medium-risk events reported during the currently selected time frame. To sort the applications by name, or by newest or oldest high or medium risk events, click the column headings.

The applications shown in the Advanced Protection area also include a graphic representation of their state, as listed:

Table 2-2 Advanced Protection icons

Icon Description

The cloud application is being protected by McAfee Cloud Data Protection.

You have paid for McAfee Cloud Data Protection to protect this cloud application, but have not yet configured this service.

McAfee Cloud Data Protection can protect this cloud application, but you have not yet subscribed to this protection.

A connection error between McAfee Cloud Data Protection and the cloud application exists.

Your subscription for this cloud application will soon expire.

Your subscription for this cloud application has expired.

Essential Protection

View the applications — together with a summary of their high and medium risk events — that are detailed in your data sources.

Searching for specific applications

You can search for specific applications in the Applications List card across both Advanced Protection and Essential Protection applications. The search results are also reflected in the Applications Overview card. Select the search field and enter the application name you are looking for.

The search includes partial matches and is case-insensitive.

You can also filter the applications by application type — for example, filter by Content Sharing, or filter by Peer to Peer (P2P) services.


The Applications Overview card

The Applications Overview card provides a representation of the data relating to each cloud application. The Applications Overview card is displayed immediately below the summary card.

The card provides visual feedback on the number of blocked and unencrypted data transfers, as well as information about total traffic (uploaded and downloaded) and active users. The color bar to the left of each application name shows the level of risk.

Figure 2-3 The Applications Overview card (showing hover-over)

Depending on the actions applied to a file as it is transferred to a cloud application, the counts in the relevant columns increment. A file that triggered a 'read-only' or a 'monitor' action is listed in the Active Users column. If that file is unencrypted, it also increments the Unencrypted Transfers value.

The Applications Overview card reflects any filtering that you apply to the summary card. On the Applications Overview card, you can sort the displayed information by clicking the column headers, or by clicking the application of interest.

The card includes a bubble chart design, with the size and color of each bubble representing the traffic and relative risk for each reported area.

Select or hover over an application to the left of the Applications Overview card to replace the bubble view with the numerical data for that application.

The Events Overview card

The Events Overview card provides a more detailed view of logged events. The card is located below the Applications Overview card.

The Events Overview card is split into two main areas. The upper area contains columns displaying Event Type, User, Classification, and File information. To have the lower area show data appropriate to your area of interest, select the relevant values in these columns.

By default, the Events Overview card shows the following information:

• The risk level of the event.

• The date and time that the event occurred (as reported by your web browser's time settings).

• The application to which the event is linked.

• The type of event.


Where the information is applicable or available, the following is also shown:

• Any action that has been taken.

• The user who carried out the action that triggered the event.

• The classifications that triggered the event.

• The file involved with the event.

For large data sets, only the first 10,000 events are shown in the Events Overview card.

Figure 2-4 The Events Overview card

Table 2-3 Actions icons

Icon Action

(allow) The user-requested action completed.

(block) The user-requested action was stopped.

(encrypt) The transferred data was encrypted.

(monitor) The user-requested action completed, but the user's actions have been logged.

Other (no icon) A Data Loss Prevention Apply RM event occurred.

The Events Overview card includes paging to increase the data loading speed, and to provide a convenient way to display details about large amounts of event data.

The information displayed on the Events Overview card reflects the selections you have made in the summary card. For example, clicking High Risk on the summary card results in only applications that include high risk events being shown in the Events Overview card. These applications include details of all events that apply to them, not just the High Risk events.

The information in the Events Overview card is, by default, sorted by the risk score. You can toggle between the sort being in ascending or descending order by clicking Risk in the lower area. Click the Time column header in the lower area to remove sort by risk, sorting instead by time (again, you can sort by ascending or descending time).

Searching for specific events

You can search for specific events displayed in the Events Overview card. Select the column to search (Event Type, User, Classification, or File) and enter the term to search for.

The search includes partial matches and is case-insensitive.

The Application Details card

The Application Details card is displayed on the right of the page when an application is selected.

The card provides details relating to the currently selected application.

Figure 2-5 The Application Details card (showing the expanded Events and Details sections)

The Application Details card is divided into the following sections:

• Application information — Lists the name of the application, and whether it has Advanced Protection or Essential Protection. Also displayed is the circular application risk score icon, showing the current risk score. This is the risk score as calculated using several factors, such as HIPAA, PCI, and DSS compliance. Information about the categories — for example, storage, file sharing, and collaboration — is also shown for the application.

• Events — Provides information about activity, for example, the total number of events recorded and the risk levels for these events. This section also includes graphical trend information relating to Users and File Transfers.

The total that appears next to Users represents all users, whether active, blocked, or inactive, in the currently selected time selection.

The total that appears next to File Transfers is the total of all encrypted, unencrypted, and blocked transfers in the currently selected time selection.

Information listed in the Current column represents activity in the most recent time slice, not activity at the current point in time.

If you are also using McAfee® Web Gateway Cloud Service (McAfee® WGCS), click View Policy to open a new tab displaying the Policy Management page.

• Details — Provides information about the application, for example a description of the service, links to the official website for the application, classification information, and basic risk score.

• Provisioning (for applications with Advanced Protection only) — Provides information about the status of the subscription, and the state of provisioning between the 3rd-party application and McAfee Cloud Data Protection.

You can expand and collapse the Status, Details, and, when present, the Provisioning sections.

See also: The Applications List card, Types of risk, Color coding of risk categories

Working with Cloud Protection Workspace

In ePolicy Orchestrator Cloud, the Cloud Protection Workspace page provides information relating to your data. Use the landing page to drill down and better understand what is happening to your data. Use the provided links to the policies page to create or edit rules to better control your data. Cloud Protection Workspace provides ways for you to visualize and manage your corporate web usage.

Contents
• Connecting to 3rd-party cloud services
• Viewing the data

Connecting to 3rd-party cloud services

By creating connectors to popular 3rd-party cloud services, McAfee Cloud Data Protection provides Advanced Protection to the interactions between your users and the connected cloud applications.

Contents
• McAfee Cloud Data Protection for Box Services
• McAfee Cloud Data Protection for SharePoint Services

McAfee Cloud Data Protection for Box Services

McAfee® Cloud Data Protection for Box* Services provides visibility and management as your users save and retrieve information using the Box cloud application.

McAfee Cloud Data Protection for Box Services is a subscription option within McAfee Cloud Data Protection.

*Other marks and brands may be claimed as the property of others.

Provision McAfee Cloud Data Protection for Box Services

Set up the connection between McAfee Cloud Data Protection and your corporate Box account.

Before you begin

You must create a trial subscription from beta.manage.mcafee.com for McAfee Cloud Data Protection for Box Services before you can provision the service.

Best practice: Create a generic administrator account on your third-party cloud services, for use only when configuring McAfee Cloud Data Protection to protect these cloud services. Do not use the generic administrator accounts for any other purposes.

Task

1 From the McAfee ePO Cloud menu, select Cloud Protection Workspace.

2 In the Applications List, select Box.

The Application Details card is updated with information about the Box service.

3 From Application Details, expand the Provisioning tab.

4 Click Connect.

If the Connect button is grayed out, you have not yet purchased the McAfee Cloud Data Protection for Box Services subscription.

A new browser window is displayed showing the logon page for your corporate Box account.

5 From the new browser window, enter the logon details for your Box account. Click Sign in.

6 Click Allow to give permission for McAfee Cloud Data Protection to provide visibility of your corporate Box account.

McAfee Cloud Data Protection reports when Box has been successfully connected.

McAfee Cloud Data Protection for SharePoint Services

McAfee® Cloud Data Protection for SharePoint* Services provides visibility and management as your users save and retrieve information using the Microsoft SharePoint cloud application.

McAfee Cloud Data Protection for SharePoint Services is a subscription option within McAfee Cloud Data Protection.

*Other marks and brands may be claimed as the property of others.

Provision McAfee Cloud Data Protection for SharePoint Services

Set up the connection between McAfee Cloud Data Protection and your corporate SharePoint account.

Before you begin

You must create a trial subscription from beta.manage.mcafee.com for McAfee Cloud Data Protection for SharePoint* Services before you can provision the service.

Best practice: Create a generic administrator account on your third-party cloud services, for use only when configuring McAfee Cloud Data Protection to protect these cloud services. Do not use the generic administrator accounts for any other purposes.

Task

1 From the McAfee ePO Cloud menu, select Cloud Protection Workspace.

2 In the Applications List, select SharePoint.

The Application Details card is updated with information about the SharePoint service.

3 From Application Details, expand the Provisioning tab.

4 Click Connect.

If the Connect button is grayed out, you have not yet purchased the McAfee Cloud Data Protection for SharePoint Services subscription.

A new browser window is displayed showing the logon page for your corporate SharePoint account.

5 From the new browser window, enter the logon details for your SharePoint account. Click Sign in.

6 Click Allow to give permission for McAfee Cloud Data Protection to provide visibility of your corporate SharePoint account.

7 Register the SharePoint Add-in for McAfee Cloud Data Protection for SharePoint Services, and elevate permissions using the SharePoint Workflow platform.

a Navigate to https://<tenant>-admin.sharepoint.com/_layouts/15/AppInv.aspx (replacing <tenant> with your SharePoint Online tenant information).

b Enter the client ID, fb528eb0-bb2b-4a41-bc31-e8ff0cdf6ab7.

c Click Lookup.

The App Title, McAfee O365 Protection, is displayed.

d Provide the required information on the form.

For the Permission Request XML field, enter the following text exactly as shown:

<AppPermissionRequests>
  <AppPermissionRequest Scope="http://sharepoint/content/tenant" Right="FullControl" />
</AppPermissionRequests>

e Click Create.

See the following Microsoft articles for further information:

• https://msdn.microsoft.com/en-us/library/office/jj687469.aspx

• https://msdn.microsoft.com/en-us/library/office/jj822159.aspx

McAfee Cloud Data Protection reports when SharePoint has been successfully connected.

Viewing the data

The following workflows show how to view uploaded or linked data.

Importing your log files

Import your log files holding information about user interactions with third-party cloud applications. When log files from any of the mentioned data sources are imported, McAfee Cloud Data Protection provides views of your exposure to those cloud applications.

You can import individual, uncompressed log files from the following sources to McAfee Cloud Data Protection:

• Blue Coat Proxy SG*

• McAfee® Web Gateway

*Other marks and brands may be claimed as the property of others.

Once imported and processed, the information contained in the log files is displayed in the Cloud Protection Workspace landing page. The information is also available in the Dashboards page.

When importing log files, only data from the last 7 days is displayed in the Cloud Protection Workspace and Dashboards pages. From the Queries & Reports page, Queries are also limited to only include the last 7 days of data. Reports have user-selectable time scales, allowing you to define the time that the report covers.

Log file requirements

Log files must conform to specific requirements so that the information in them can be successfully imported and viewed.

Log files larger than 1 GB cannot be imported into McAfee Cloud Data Protection. Each log file must be uncompressed, and uploaded individually.

Requirements for log files from Blue Coat Proxy SG

The header in the uploaded Blue Coat log file must be an exact match to the following:

#Fields: date time time-taken c-ip cs-username cs-auth-group s-supplier-name s-supplier-ip s-supplier-country s-supplier-failures x-exception-id sc-filter-result cs-categories cs(Referer) sc-status s-action cs-method rs(Content-Type) cs-uri-scheme cs-host cs-uri-port cs-uri-path cs-uri-query cs-uri-extension cs(User-Agent) s-ip sc-bytes cs-bytes x-virus-id x-bluecoat-application-name x-bluecoat-application-operation cs-threat-risk

Any deviation from the required header types and order causes the log file to not be uploaded and parsed successfully.

Requirements for log files from McAfee Web Gateway

The header in the uploaded McAfee Web Gateway log file must begin with # and must contain the following mandatory fields:

time_stamp "auth_user" src_ip "req_line"

Field names must be an exact match.

The order of the fields in the header is not important. Also, provided the highlighted mandatory fields are included, you can customize the log files by adding additional headers and fields.

Best practice: Create a new log file specifically for uploading to McAfee Cloud Data Protection. To customize your McAfee Web Gateway log files, apply the required changes to the default access.log file that ships with McAfee Web Gateway. Creating a new log file addresses the risk that these changes might break compatibility with the third-party reporting tools.
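A pre-upload check for the log file requirements above, as an added example that is not part of the original guide or of McAfee's own tooling. It assumes that 1 GB means 2**30 bytes, that the Blue Coat header is the first #Fields: line within the first 50 lines, and that the Web Gateway header is the first non-empty line with whitespace-separated, optionally double-quoted names; the source labels bluecoat and mwg are invented here and the sample logs are constructed.

```python
"""Pre-upload check for proxy logs against the header rules quoted in this guide."""
import os
import tempfile
from itertools import islice

# Required Blue Coat Proxy SG fields, in the order the guide gives them.
BLUECOAT_FIELDS = (
    "date time time-taken c-ip cs-username cs-auth-group s-supplier-name "
    "s-supplier-ip s-supplier-country s-supplier-failures x-exception-id "
    "sc-filter-result cs-categories cs(Referer) sc-status s-action cs-method "
    "rs(Content-Type) cs-uri-scheme cs-host cs-uri-port cs-uri-path cs-uri-query "
    "cs-uri-extension cs(User-Agent) s-ip sc-bytes cs-bytes x-virus-id "
    "x-bluecoat-application-name x-bluecoat-application-operation cs-threat-risk"
).split()
BLUECOAT_HEADER = "#Fields: " + " ".join(BLUECOAT_FIELDS)

MWG_MANDATORY = ("time_stamp", "auth_user", "src_ip", "req_line")
MAX_BYTES = 1024 ** 3  # assumption: "1 GB" read as 2**30 bytes
COMPRESSED_MAGIC = {b"\x1f\x8b": "gzip", b"PK\x03\x04": "zip", b"BZh": "bzip2"}


def check_bluecoat_header(line):
    """Return a list of problems; empty means the #Fields line is an exact match."""
    line = line.rstrip("\r\n")
    if line == BLUECOAT_HEADER:
        return []
    if not line.startswith("#Fields:"):
        return ["header line does not start with '#Fields:'"]
    got = line[len("#Fields:"):].split()
    for pos, (want, have) in enumerate(zip(BLUECOAT_FIELDS, got), start=1):
        if want != have:
            return [f"field {pos}: expected {want!r}, found {have!r}"]
    if len(got) != len(BLUECOAT_FIELDS):
        return [f"expected {len(BLUECOAT_FIELDS)} fields, found {len(got)}"]
    return ["fields match but spacing differs from the required header"]


def check_mwg_header(line):
    """Return a list of problems for a Web Gateway header; field order is free."""
    line = line.rstrip("\r\n")
    if not line.startswith("#"):
        return ["header line does not begin with '#'"]
    # Assumption: names are whitespace-separated and may be wrapped in double quotes.
    names = {token.strip('"') for token in line[1:].split()}
    return [f"mandatory field {f!r} missing" for f in MWG_MANDATORY if f not in names]


def check_log_file(path, source):
    """Validate one file; source is 'bluecoat' or 'mwg' (labels invented for this example)."""
    problems = []
    if os.path.getsize(path) >= MAX_BYTES:
        problems.append("file is not smaller than 1 GB")
    with open(path, "rb") as fh:
        head = fh.read(4)
    for magic, kind in COMPRESSED_MAGIC.items():
        if head.startswith(magic):
            return problems + [f"looks like {kind} data; upload the uncompressed log"]
    with open(path, "r", encoding="utf-8", errors="replace") as fh:
        first_lines = list(islice(fh, 50))
    if source == "bluecoat":
        header = next((l for l in first_lines if l.startswith("#Fields:")), None)
        if header is None:
            return problems + ["no '#Fields:' header line found"]
        return problems + check_bluecoat_header(header)
    if source == "mwg":
        header = next((l for l in first_lines if l.strip()), "")
        return problems + check_mwg_header(header)
    raise ValueError(f"unknown source {source!r}")


def demo():
    """Write constructed sample logs to a temp directory and validate each one."""
    samples = {
        "ok_bluecoat.log": ("bluecoat", "#Software: SGOS (constructed)\n" + BLUECOAT_HEADER + "\n"),
        "swapped_bluecoat.log": ("bluecoat", BLUECOAT_HEADER.replace("date time", "time date") + "\n"),
        "ok_mwg.log": ("mwg", '#time_stamp "auth_user" src_ip "req_line" server_ip\n'),
        "bad_mwg.log": ("mwg", '#time_stamp "user" src_ip "req_line"\n'),
    }
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        for name, (source, text) in samples.items():
            path = os.path.join(tmp, name)
            with open(path, "w", encoding="utf-8") as fh:
                fh.write(text)
            results[name] = check_log_file(path, source)
    return results


if __name__ == "__main__":
    for name, problems in demo().items():
        print(name, "->", problems or "OK")
```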

Adding fields to Web Gateway log files

Ensure you have the required fields present in your Web Gateway log files before trying to import them to McAfee Cloud Data Protection.

When you add log file fields, also adapt the log header and configure entries for the new log file fields. This way you ensure that the header, which is written into every log file, also includes information about these fields.

Contents
• Add a log file field
• Adapt the log header

Add a log file field

To add a log file field to an entry for a log file, append an appropriate element to the configuration for writing log file entries.

In this sample procedure, the destination IP address of a client request that is received on Web Gateway is added to the rule for writing log file entries into the default access log.

Task

1 Select Policy | Rule Sets.

2 Select Log Handler, expand the Default rule set on the log handler tree, and select Access Log.

3 Add an element for writing log file entries.

a Select the Write access log rule and click Edit immediately above.

b Select Events, then select the event Set User-Defined.logLine and click Edit.

c Under To concatenation of these strings, click Add.

d Click Parameter property, select IP.ToString from the properties list, and click Parameters next to the property name.

To search for the property, you can type a suitable combination of characters in the filter field above the list, for example, ip.tos.

The Parameters For Property window opens.

e Click Parameter property and select URL.Destination.IP.

f Click OK in the Parameters For Property window, then in the Enter a String window.

The new element appears in the Edit Set Property window, behind the last of the old elements, as shown here:

+ Number.ToString(Block.ID)
+ "" ""
+ Application.ToString(Application.Name)
+ """
+ IP.ToString(URL.Destination.IP)

4 Insert a delimiter to separate the new log file field from the preceding field.

a Select the line with the three double quotes and click Edit.

b Enter a blank next to the double quote that appears in the window, then click OK.

The Enter a String window closes. In the Edit Set Property window, the line between the two elements should now look like this:

+ Application.ToString(Application.Name)
+ "" "
+ IP.ToString(URL.Destination.IP)

c Click OK in the Enter a String and Edit Set Property windows, then click Finish in the Edit Rule window.

5 Click Finish in the Edit Rule window, then click Save Changes.

Adapt the log header

Adapt the access log header by adding a header entry for the new element that you appended to the elements for log file writing.

Task

1 Select Policy | Settings.

2 On the settings tree, expand File System Logging and select the Access Log Configuration settings.

3 Under File System Logging Settings, make sure Enable header writing is selected, and at the end of the text string in the Log header field leave a blank after the last element and type server_ip.

Header field names, such as server_ip, must not include blanks inside them, so always use underscores.

4 Click Save Changes.

Import a log file

Import a log file holding information about user transactions with cloud applications so that you can gain an overall picture of these interactions.

Before you begin

Ensure that you have the uncompressed log files to be imported saved on a drive you can access. You can download a sample log file from Data Protection | Getting Started with Cloud Data Protection.

Ensure the log file to be imported is smaller than 1 GB.

Task

1 From the McAfee ePO Cloud menu, select Log Import.

2 Select the required log file type from Data Source.

3 Browse to the log file to be imported.

4 Click Upload.

The log file is saved to McAfee Cloud Visibility — Community Edition, and is then processed. This might take a few minutes, depending on the amount of information being processed.

When the log file has been processed, the data contained inside it is displayed on the Cloud Protection Workspace landing page. The data is also available for use in the McAfee ePO Cloud Dashboards and in the Queries & Reports pages.

Viewing data on the Cloud Protection Workspace page

The Cloud Protection Workspace page provides a location where you can view a summary of the data imported from your log files.

Before you begin

Ensure you have imported a suitable log file with data from the last seven days, or have connected to suitable data sources. Any data older than seven days is not displayed in the Cloud Protection Workspace page.

Task

1 From McAfee ePolicy Orchestrator Cloud, browse to the Cloud Protection Workspace page.

2 Notice the information in the summary card across the top of the window. Click a risk category to filter the information shown in the other areas of the Cloud Protection Workspace page.

3 To see more details about the cloud interactions contained in the imported log file, click areas of interest to drill down into the data.

Viewing data from the Dashboards

The Dashboards provide a location where you can view predefined graphs reflecting the information imported from your log files.

Before you begin

Ensure you have imported a suitable log file with data from the last seven days, or have connected to suitable data sources. Any data older than seven days is not displayed in the Dashboards.

Task

1 From McAfee ePolicy Orchestrator Cloud, browse to the Dashboards page.

2 From the drop-down list, select one of the Cloud Data Protection options.

The page refreshes with the selected information.

3 To drill down into the imported data, click areas of interest.

4 To filter the tabular information, click the headers.

Viewing data from Queries and Reports

The Queries and Reports page provides a location where you can query the data imported from your log files, and schedule and run reports on that data.

Before you begin

Ensure you have imported a suitable log file, or have connected to suitable data sources. For the Reports, you select the time frames you require, providing the log files contain data that matches the selected time frame.

Task

1 From ePolicy Orchestrator Cloud, browse to the Queries and Reports page.

2 From the Groups area, select the Cloud Data Protection group of interest.

3 Select the Queries tab.

4 Choose the Query of interest. Click Run to query the selected information.

The selected information is displayed.

5 Select the Reports tab.

6 Choose the Report of interest. Click Run to view the selected information.

7 Select your required Report Runtime Parameters. Click OK.

8 Click the Last Run Result to view the selected report.

You can also schedule queries and reports to run at predefined times.

Using the Policy Browser

The Policy Browser user interface for managing your policies is designed around the concept of providing information contextually. The type of information presented to you varies depending on your installed options, the current area of the user interface, and the choices that you have made.

The user interface for managing your policies is organized to provide protection around key feature areas relevant to the McAfee products and services you use.

Figure 2-6 Default Cloud Data Protection policy browser (all features shown collapsed for clarity)

These key feature areas are:

• Global Settings, where you maintain the Global URL Whitelist and Global Blacklist that applies to all users and policies.

• Cloud Data Protection, where you configure the policies and rules to apply to 3rd-party cloud applications.

Viewing feature policies

Each key feature area on the user interface contains one or more feature policies relating to that area. Feature policies can be used to provide varying degrees of restriction on the key feature areas to which they relate.

Each policy has its own set of rules and exceptions. For example, a restrictive feature policy most likely has rules and exceptions to block access to most locations for most users. A lenient policy has rules configured to allow access to most locations for most users.

By default, your product includes several policies for each feature area. These policies are configured with commonly used settings for different industry, educational, and government sectors. For example, some organizations prefer less restrictive settings, so that their employees, or students, can make the best business or educational use of the Internet. A Defense Department must be much more restrictive on the policies for Internet use.

For most situations, it is useful to maintain two policies for each feature: one that you use in normal day-to-day situations, and another, more restrictive policy for when investigating a security concern.

To view the available feature policies for each feature area, select each policy by clicking the policies drop-down list arrow.

Figure 2-7 View policies by selecting them from the policies drop-down list

After the feature policy drop-down list has been expanded for the selected feature area, all feature policies relating to that area are displayed. In each policy, you can configure any number of rules.

Policy Details

Clicking a feature policy name — for example, Limited, or Permissive — displays the Policy Details pane toward the right of the user interface.

Figure 2-8 Policy Details pane for McAfee Cloud Data Protection policies

From the Policy Details pane, you can see the name of the feature policy, and can view and edit the block pages used by the feature policy.

Also, you can copy the block page and use it to create another block page.

You can view the details for any policy, whether it is enabled or disabled. If you view a policy that is not enabled, the disabled policy assignment icon is displayed, indicating it is not currently in use.

You can also view feature policy-specific information:

Table 2-4 Feature policy-specific information

Feature Policy Additional information

Cloud Data Protection In the Cloud Data Protection | Policy details pane, select the required options to ensure that encryption is compliant with your needs.

• Require Data Protection Compliance — only consider the endpoint to be compliant if the endpoint has McAfee Data Loss Prevention Endpoint installed and active. In addition, the number of cloud and web protection incidents from the endpoint is below the predefined threshold.

• Require Machine Encryption Protection — the endpoint is considered compliant if McAfee Drive Encryption or McAfee Native Encryption is installed and the endpoint is fully encrypted.

• Require Threat Prevention Compliance — to be considered compliant, the endpoint must have either McAfee VirusScan Enterprise or McAfee Endpoint Security installed and active. McAfee VirusScan Enterprise or McAfee Endpoint Security must be running the latest DATs, and have fewer than the predefined number of detections.

If you navigate to a different feature policy, the Policy Details pane remains open, but does not update until you click the new feature policy name.

If you add or select a rule while the Policy Details pane is open, the Policy Details pane closes and the Rule Details pane replaces it.

Viewing rules

Each feature policy contains a set of rules.

Rules run in a top-down order, with each rule being configured to take the selected action when the rule matches.

Figure 2-9 Example feature policy rules

Each feature policy has specific types of rules that it can contain.

Table 2-5 Rule types

Feature Allowable rules

Global Settings Global URL Whitelist — a list of URLs that are considered 'safe' and which are evaluated before any other rules. Web requests to a URL contained within the Global URL Whitelist are allowed, and all further rules are skipped.

Global Blacklist

Cloud Data Protection New URL Whitelist Rule — a list of URLs that are applied to the Cloud Data Protection feature.

New Classification Rule — select the classifications used to match types of information, for example, to identify documents that contain medical terms.

Rule Details

Clicking a rule displays the Rule Details pane toward the right of the user interface. From this pane, you can see the name of the rule, and whether it is enabled or disabled. You can also see the configured primary action, together with any exceptions that are configured.

Figure 2-10 Rule Details pane

The top area of the Rule Details pane shows the primary object — that is, the object or list to which the rule applies — and its status.

The Rule Details menu contains:

Table 2-6 Rule details menu

Menu item Description

Enable Rule Enable the currently selected rule so that it is used to evaluate your users' web requests.

Disable Rule To prevent a rule being used to evaluate your users' web requests, select Disable Rule.

Add Action Where applicable for the selected feature and rule, add additional actions to the rule.

Close Close the Rule Details card.

The primary object changes depending on context — as you select different types of rules, only relevant primary objects are displayed.

The currently selected primary action is displayed.

Table 2-7 Available primary actions for different types of rules

Rule type Available primary actions Notes

Access Protection rules Allow, Monitor, Block, Coach

Global URL Blacklist Block You cannot create Blacklist rules; the only blacklist exists in the Global Settings feature.

Cloud Data Protection rules Allow, Apply Encryption, Monitor, Block, Coach

Global URL Whitelist Always Allow

In each primary action, any configured exception objects — where permitted — are shown.

Table 2-8 Descriptions of the actions

Action Description

Allow/Block An Allow action causes the web request to bypass the current feature, and progress to the next feature in the top-down list.

The Block action stops all further processing and blocks the request.

Always Allow Applicable to the Global URL Whitelist only, Always Allow allows the web request through, and stops all further processing by the remaining features.

Apply Encryption The Apply Encryption action causes any documents transferred to third-party cloud applications to be encrypted.

Coach Similar to the Monitor action, Coach logs the details of the transaction, and also provides information to the user. For example, a Coach message can be configured to suggest alternative, recommended cloud services.

Inspect/Do not inspect The Inspect action causes the SSL information to be decrypted before being passed to the next feature in the list.

Do not inspect stops the SSL information being decrypted, effectively stopping all further processing by the remaining features.

Monitor Configure a Monitor action to log details about the transaction.

Submit Files/Bypass (only available for Cloud Threat Detection service)

The Submit Files action causes the files to be forwarded to the Cloud Threat Detection service for further analysis.

The Bypass action prevents the file being sent to the Cloud Threat Detection service.

Importance of the rule order

When an Always Allow action is triggered, all subsequent rules are skipped and are not evaluated in relation to the current request.

For Allow actions, all remaining rules in the current feature policy are skipped, and processing continues in the next feature policy.

For both Allow and Always Allow actions, the triggering item is allowed.

Consider the order in which you sort your rules for each feature policy. Place the most stringent rules at the top of the rule list, progressing down to the final catch-all rule at the bottom of the list.

Importance of the action order

The action placed at the bottom of the Rule Details pane is considered the primary action, and acts as the catch-all action. For example, if the bottom-most action is Block, then any traffic that does not match the actions above it is blocked.
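The rule-order and action-order behaviour described above, as a small Python model. This is an added example, not McAfee's code or the product's policy engine: the feature names, hosts and user groups are constructed, only Allow, Always Allow and Block are modelled, and it assumes that a request no feature blocks is allowed.

```python
from dataclasses import dataclass
from typing import Optional

ALWAYS_ALLOW, ALLOW, BLOCK = "Always Allow", "Allow", "Block"


@dataclass
class Action:
    name: str
    groups: frozenset = frozenset()  # user groups tied to this action as exceptions


@dataclass
class Rule:
    name: str
    hosts: Optional[dict]  # {host: all_subdomains}; None marks a catch-all rule
    actions: list          # top-down; the bottom-most entry is the primary action

    def matches(self, host):
        if self.hosts is None:
            return True
        host = host.lower()
        # Assumption: "All subdomains" covers the listed host and anything below it.
        return any(
            host == entry or (all_subdomains and host.endswith("." + entry))
            for entry, all_subdomains in self.hosts.items()
        )

    def action_for(self, group):
        # Exceptions are tried top-down; the primary action catches everyone else.
        for action in self.actions[:-1]:
            if group in action.groups:
                return action.name
        return self.actions[-1].name


def evaluate(features, host, group):
    """Walk the top-down feature list; return (verdict, trace)."""
    trace = []
    for feature_name, rules in features:
        for rule in rules:
            if not rule.matches(host):
                continue
            action = rule.action_for(group)
            trace.append((feature_name, rule.name, action))
            if action == ALWAYS_ALLOW:
                return "allowed", trace  # skips every remaining rule and feature
            if action == BLOCK:
                return "blocked", trace  # stops all further processing
            if action == ALLOW:
                break                    # skips the rest of this feature policy only
            raise ValueError(f"action not modelled: {action}")
    # Assumption of this model: a request that no feature blocks is allowed.
    return "allowed", trace


# Constructed sample policy (hypothetical names throughout).
WHITELIST = ("Global URL Whitelist",
             [Rule("Trusted", {"example.org": True}, [Action(ALWAYS_ALLOW)])])
SECOND = ("Second filter",
          [Rule("Block listed hosts",
                {"tracker.example.org": False, "bad.example.com": False},
                [Action(BLOCK)])])
PARTNERS = Rule("Allow partner sites", {"example.com": True}, [Action(ALLOW)])
FILE_SHARING = Rule("Block file sharing", {"files.example.com": False}, [Action(BLOCK)])
# Block is tied to Guests; Allow sits at the bottom as the primary action.
CATCH_ALL = Rule("Catch-all", None,
                 [Action(BLOCK, frozenset({"Guests"})), Action(ALLOW)])


def build(first_filter_rules):
    return [WHITELIST, ("First filter", first_filter_rules), SECOND]


MISORDERED = build([PARTNERS, FILE_SHARING, CATCH_ALL])       # broad Allow on top
STRINGENT_FIRST = build([FILE_SHARING, PARTNERS, CATCH_ALL])  # most stringent on top

if __name__ == "__main__":
    for label, policy in (("misordered", MISORDERED), ("stringent first", STRINGENT_FIRST)):
        print(label, evaluate(policy, "files.example.com", "Staff"))
```

With the broad Allow rule on top, the Block rule beneath it is never reached for files.example.com; moving the stringent rule up restores the block.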

See also Enable or disable a rule on page 42


Object details

The object details pane provides a method of viewing relevant items in your rules.

Figure 2-11 Object details pane

The information displayed in the object details pane changes as you move through the workflow for your tasks. This changing information ensures that you are always presented with options relating to your current workflow. For example, when the Web Reputation rule is selected, you can enable or disable the rule, and you can add exceptions. You cannot edit the description for the Web Reputation rule.

When permitted by the current stage in your workflow, you can edit the items that appear in the selected object.

Some areas of the user interface can contain large quantities of selectable entries. These areas include a search field to allow you to more easily find the items that you are looking for.

Catch-all rules

Catch-all rules provide you with a method of configuring feature policies such that an action can be taken if no other rules are triggered.

Catch-all rules appear at the bottom of the list of rules for the relevant feature policies, and cannot be deleted or reordered. This type of rule can be disabled.

About exceptions

Exceptions provide a method for you to tie specific rules or actions to user groups and connectable applications. Using exceptions enables you to create complex rules to meet your business requirements.

The use of exceptions is best explained using an example.

Assume that you are creating a rule to ensure compliance with US PII legislation.

In this rule, you want to monitor the cloud interactions that are matched to the US PII classification for your executives. But, you want to enforce the use of encryption for your allowed users when they move files that contain personally identifiable information to specific connectable cloud applications.

A connectable application is one for which there is a McAfee connector available, for example: McAfee Cloud Data Protection for Box*

*Other marks and brands may be claimed as the property of others.


This could be achieved by creating a rule for your executives, and another rule for your allowed users group.

Using exceptions, you can create a single rule to meet this requirement.

Exceptions work by moving from a specific, to a more general, impact on the rules.

See also Create a rule using exceptions on page 40

Viewing catalogs

Catalogs hold groups of related data, for example, block pages, lists of web categories, lists of web application types, and lists of media types.

The Catalog pane is displayed on the right side of the screen.

Figure 2-12 Catalog pane

The content of the catalog pane varies depending on the selected feature area and rules.


Download and install SSL certificates

Installing SSL certificates enables McAfee WGCS to scan your SSL traffic. Certificates must be installed on each device used to communicate with McAfee WGCS.

Detailed information about installing the SSL certificates on different browsers and operating systems is included in the certificate bundle.

Task

1 From the Policy Browser, select SSL Scanner.

2 Click the policy name (for example, Limited Coverage or File Transfers Only) to the right of the SSL Scanner area.

The Policy Details pane is displayed on the right of the screen.

3 Click Download SSL certificate bundle. When prompted, save the .zip file locally.

4 Extract the files from the .zip file.

5 Follow the instructions for your browsers and operating systems contained in the Importing_Certificates_into_Browsers.pdf document (included in the certificate bundle .zip file).

Working with user groups

Configure local user groups or use Active Directory Services to connect to your Active Directory so that you can apply policies to different groups of users.

Tasks

• Active Directory synchronization on page 37
By integrating the user groups from your Active Directory into the web protection policies, you can create policies that are applied to specific groups of users.

• Add a local user group on page 37
You can add local user groups to your feature policies to customize the protection for your users.

• Edit the local user group on page 38
As an administrator, a common task is to edit the local user group details.

Active Directory synchronization

By integrating the user groups from your Active Directory into the web protection policies, you can create policies that are applied to specific groups of users.

See the Active Directory synchronization chapter in the McAfee ePolicy Orchestrator Cloud Product Guide for detailed information about synchronizing your local AD.

Add a local user group

You can add local user groups to your feature policies to customize the protection for your users.

Task

1 In the Policy Browser, select the feature to change.

2 In the feature area, select the feature policy and rule to which you want the local user group added.


3 In the Rule Details pane, select edit for the action to which you want to add the new user group.

You cannot add a user group to the current primary action.

4 Click the menu icon button from the user groups pane.

5 Click New User Group.

6 (Optional) Type a name for the user group.

7 Click Save to update the rule.

Edit the local user group

As an administrator, a common task is to edit the local user group details.

Task

1 In the Policy Browser, select the feature to change.

2 Select the local user group to be edited.

3 Click the menu icon button from the group details pane.

4 Click Edit.

5 Type the new name for the user group.

6 Click Save to update the local user group.

Working with rules and feature policies

Use the following tasks when creating or changing rules and feature policies.

Tasks

• Add a rule on page 39
You can add rules to your feature policies to customize the protection for your users.

• Create a rule by importing a URL list on page 39
You can create a URL list rule by importing a .csv file with the URLs into a URL list. You then add this URL list to the new rule.

• Create a rule using exceptions on page 40
Create a complex rule using exceptions to specify user groups and connected applications.

• Change a rule on page 41
There are a number of ways you can change rules to meet your protection requirements.

• Reorder the rules on page 49
Move the rules to change the order in which they are applied. The order in which rules are applied depends on the order that they appear in your policy: rules are applied from the top down.

• Delete a rule on page 49
Deleting unwanted rules enables you to more easily organize and understand your feature policies.

• Change a feature policy on page 50
You can change feature policies to meet your protection requirements.

• Change Policy Assignment on page 54
Each feature can have only one active feature policy applied to it at a time. Use this task to change the feature policy assigned to a feature.


Add a rule

You can add rules to your feature policies to customize the protection for your users.

Where the new rule is placed depends on the options you choose, and what you currently have selected:

• If you have an existing rule selected, the new rule is placed immediately above the selected rule.

• If you do not have a rule selected, the new rule is placed at the bottom of the selected key protection area.

If a catch-all rule exists, the new rule is placed above the catch-all rule.

• If you choose to add a whitelist, it is placed below the last whitelist rule in the browser.

You cannot add a rule if you are currently in edit mode, for example, if you are editing the rule details of another rule.

Some rule types (for example, Anti-Malware rules and Web Reputation rules) are created by default, and you cannot add more rules of these types.

Task

1 From the Policy Browser, click the Action menu icon of the feature policy, then select New Rule.

2 In the Catalog pane, select your required catalog type from the drop-down list.

The relevant catalogs are displayed.

3 Click the Add button next to the catalog to use.

Best practice: Use the Search field to filter the items available for selection. To empty the Search field, click the remove icon.

4 Click Save.

5 Select the required actions.

6 Click Save.

See also Change the Rule Details on page 43

Create a rule by importing a URL list

You can create a URL list rule by importing a .csv file with the URLs into a URL list. You then add this URL list to the new rule.

Before you begin

Ensure that you have an existing comma-separated values file with the list of the URLs to be imported. The file can optionally include a header row.

The list must contain comma-separated values. Each line contains one URL, followed by the ',' separator and then either 'true' or 'false'. Adding 'true' indicates that the URL has the 'All subdomains' parameter selected, whereas 'false' deselects 'All subdomains'.

The URL and the true/false value are case insensitive.

There must not be any spaces in or at the end of each line.


As an example, the entries in the file can look like:

https://www.example.com,true
HTTP://SUPPORT.EXAMPLE.NET,FALSE
example.org,True

If any row in the URL list does not comply with the required format, an error is displayed and the file import fails.

Task

1 From the Policy Browser, click the menu icon of the feature policy that relates to the rule to be added.

2 Select New URL Whitelist Rule.

3 In the URL List Catalog, click the Catalog menu icon and select Import New URL List.

4 In the Import List dialog box, browse to the previously created list of URLs.

If the .csv file includes a first row with header information, make sure that you select This file contains a header row.

5 Click Import.

The content of the file is used to create a URL list rule.

If duplicate URLs are contained in the .csv file, the import is paused and you are notified of the duplicate entries. You can then choose to continue with the import or end without importing the URL list.

6 After the URLs listed in the file have been imported, accept the default URL list name, or type a new name for the URL list.

By default, the new list takes the name of the .csv file used to import the URL list.

7 Click Save.

8 To add the list to the new rule, click the add icon to the right of the newly added URL list.

9 Accept the default rule name, or type a new name.

By default, the new rule takes the name of the selected URL list.

10 Click Save.

See also Export a list of URLs on page 47

Create a rule using exceptions

Create a complex rule using exceptions to specify user groups and connected applications.

This task creates the rule discussed in the example given in the topic Using exceptions:

Assume that you are creating a rule to ensure compliance with US PII legislation.

In this rule, you want to monitor the cloud interactions that are matched to the US PII classification for your executives. But, you want to enforce the use of encryption for your allowed users when they move files that contain personally identifiable information to specific connectable cloud applications.


Task

1 Create a new rule.

a From the Policy Browser, click the menu icon of the feature policy or rule in Cloud Data Protection.

b Select New Rule.

2 Assign the required rule type.

a From Catalog, select Classifications from the drop-down list.

The catalog of available classifications is displayed.

b From the catalog, click the add button to the right of the US PII entry.

In the Rule Details pane, you see that the rule name is now US PII.

3 Assign the required user groups.

a In the Rule Details pane, click the edit icon located next to the Monitor option.

In the Catalog pane, the list of User Groups is displayed.

b Click the add button to the right of Executives.

The Monitor action is now tied to the Executives user group.

c In the Rule Details pane, click the menu icon and select Add Action.

The Apply Encryption option is selected by default and the rule is now editable.

d From the Catalog pane, select Allowed User Groups by clicking the add button.

The Apply Encryption action is now tied to Allowed User Groups.

4 Assign the required cloud connectors.

a In the Catalog pane, select Connectable Applications from the drop-down menu.

In the Catalog pane, the list of Connectable Applications is displayed.

b Click the add button to the right of an application.

The Apply Encryption action is now tied to the application and is applicable to Allowed User Groups.

5 In the Rule Details pane, click Save.

See also About exceptions on page 35

Change a rule

There are a number of ways you can change rules to meet your protection requirements.


Tasks

• Enable or disable a rule on page 42
Not all rules in a feature policy need be active at any given time. You can enable or disable rules to suit your requirements.

• Change the Rule Details on page 43
In the Rule Details pane, you can add or remove user group exceptions, or edit the primary objects in the currently selected rule.

• Add an action to a rule on page 43
Add additional actions to rules.

• Change the primary action on page 44
The primary action for a rule can be considered as the catch-all action. In the Rule Details pane, the primary action is displayed at the bottom of the pane.

• Change an action on page 44
When multiple actions are available for a rule, you can change the selected action.

• Remove an action from a rule on page 45
Remove actions from rules.

• Create a list on page 45
You can create lists and add them to Web Category, Media Type, Site lists, and Application rules.

• Add a URL to a URL list on page 45
As an administrator, a common task is to add a URL to a URL list. These lists enable you to control the websites that your users can access. URL lists provide lists of websites that can be added to policies.

• Edit a URL in a URL list on page 46
As an administrator, a common task is to maintain the URLs contained in URL lists. These lists enable you to control the websites that your users can access.

• Export a list of URLs on page 47
Exporting lists of URLs is a useful way of backing up information. You can then import the exported information to other rules, or import the information to other systems. The exported URLs are saved in CSV format.

• Import a list of URLs on page 47
Importing lists is a convenient way of adding URLs to your system. The URL list to be imported must be in CSV format.

• Import DLP classifications on page 48
Import classifications from your McAfee Data Loss Prevention Endpoint for use in your McAfee Cloud Data Protection policies.

• Use a pick list to populate a list on page 48
To quickly add items to a list, select them from prepopulated pick lists.

Enable or disable a rule

Not all rules in a feature policy need be active at any given time. You can enable or disable rules to suit your requirements.

Task

1 In the Policy Browser, select the feature to change.

2 In the feature area, select the feature policy and rule to change.


3 In the Rule Details pane, click the menu icon and select the required state (Enable rule or Disable rule) from the available options.

If you are trying to disable a catch-all rule, another confirmation dialog is presented. Click OK to proceed.

4 Click Save to proceed with the change.

Change the Rule Details

In the Rule Details pane, you can add or remove user group exceptions, or edit the primary objects in the currently selected rule.

Some rule types have limitations on what can be edited. For example, with Anti-Malware rules you cannot switch between the actions or delete the rule. You can enable or disable an Anti-Malware rule, and you can add exceptions groups to the Block action.

You can create exceptions for most rule types. For example, you can have a rule that allows your employees to access the Internet. You can then define an exception in this rule that prevents guest users and contractors from this access.

The following workflow shows how to change the rule details for the Allow action. Changing the Block action uses a similar workflow.

Task

1 In the Policy Browser, select the feature to change.

2 In the feature area, select the feature policy and rule to change.

3 In the Rule Details pane, make sure that the Allow action is selected.

You cannot edit the active action in Rule Details. For example, if the Allow action is active, and you want to edit the Allow details, first make the Block action active. Move Block to the bottom position in the actions list. Then, make your required changes to the Allow action.

4 Click the edit icon located next to Allow.

5 In the Group Catalog, do one or more of the following:

• To add a group to the selected rule: In the Group Catalog, click the add icon to the right of the user group to be added to the Allow action.

If a user group is already assigned to the action, the add icon is not displayed, as you cannot add an object twice to the same action.

The selected user group is shown as grayed out in the catalog, and is added to the Allow action.

• To remove a group from the selected rule: From the existing groups in Rule Details, click the remove icon for the group to be removed.

The selected user group is removed from the Allow action.

6 Click Save.

Add an action to a rule

Add additional actions to rules.

Depending on your selected feature area and rule, additional actions can be added.

If no additional actions are available for your selected feature and rule, the Add Action option is grayed-out in the menu.


Task

1 In the Policy Browser, select the feature to change.

2 In the feature area, select the feature policy and rule to change.

3 In the Rule Details pane, click the menu icon and select Add Action.

The new action is added to the rule as the secondary action.

4 Click Save.

Change the primary action

The primary action for a rule can be considered as the catch-all action. In the Rule Details pane, the primary action is displayed at the bottom of the pane.

Task

1 In the Policy Browser, select the feature to change.

2 In the feature area, select the feature policy and rule to change.

3 In the Rule Details pane, click the edit icon next to the action to be made the primary action.

The action to be changed shows the drop down.

4 Click the drop down icon.

5 Click Move Down until the selected action is the bottom-most action.

6 Click Save.

The selected action is now the primary action.

Change an action

When multiple actions are available for a rule, you can change the selected action.

Task

1 In the Policy Browser, select the feature to change.

2 In the feature area, select the feature policy and rule to change.

3 In the Rule Details pane, click the edit icon next to the action to be changed.

The action to be changed shows the drop down.

4 Click the drop down icon.

5 Select the required action.

6 Click Save.

The selected action is now used by the feature.


Remove an action from a rule

Remove actions from rules.

You can remove unwanted actions from your rules.

You cannot remove all actions from a rule. Also, you cannot remove the currently selected primary action.

Task

1 In the Policy Browser, select the feature to change.

2 In the feature area, select the feature policy and rule to change.

3 In the Rule Details pane, ensure that the action to be removed is not the primary action.

4 Click the edit icon next to the action to be removed.

5 Click the drop-down icon and select Remove Action.

6 Click Save.

Create a list

You can create lists and add them to Web Category, Media Type, Site lists, and Application rules.

Task

1 From the Policy Browser, click the menu icon of the feature policy and rule.

2 Select the appropriate new rule for the selected feature.

A new, blank rule is created with the relevant catalog displayed beneath the Rule Details pane.

3 Click the menu icon from the catalog below the Rule Details pane, and select the new list option applicable to your selected rule type.

4 Rename the list as required.

5 To view the available items, expand the grouped pick lists in the mini-catalog. To add items to the new list, click the adjacent add icons.

If you are creating a list for URL lists, no pick lists are available. Instead, type the required URLs, or copy and paste a list of URLs into the URL field.

6 Click Save to add the new list to your configuration.

Add a URL to a URL list

As an administrator, a common task is to add a URL to a URL list. These lists enable you to control the websites that your users can access. URL lists provide lists of websites that can be added to policies.

Whitelists and blacklists are similar to other URL lists, except that:

• The Global URL Whitelist only has the Always Allow action.

• Feature-specific whitelists only have the Allow action.

• Blacklists only have the Block action.

• You cannot configure exceptions for blacklists or whitelists.


Task

1 In the Policy Browser, select the feature to change.

2 In the feature area, select the feature policy, rule, and URL list to change.

3 In the URL list details pane, click the URL catalog icon and select Edit from the pop-up menu.

The add URL pane appears beneath the URL list details pane.

4 Click in the add URL pane, and type the URL to be added to the URL list. You can also copy and paste a URL, or a list of URLs, into this field.

The URL is checked as you enter it in the add URL pane, to prevent duplicate entries being added.

5 (Optional) Select All subdomains.

Selecting All subdomains adds all sites found in the entered URL to the URL list. For example, entering google.com and selecting All subdomains matches maps.google.com, news.google.com, and mail.google.com.

6 Click Add to include the new URL with those shown in the URL list details pane.

Until you click either Add or Clear, you cannot make further changes to the URL list.

7 Click Save to update the rule.

Edit a URL in a URL list

As an administrator, a common task is to maintain the URLs contained in URL lists. These lists enable you to control the websites that your users can access.

URL lists provide lists of websites that can be added to policies.

Task

1 In the Policy Browser, select the feature to change.

2 In the feature area, select the feature policy and rule to change.

3 From the URL list detail pane, select the URL to be edited.

4 Click the URL catalog icon and select Edit.

The selected URL is shown in the edit URL pane beneath the URL list details pane.

5 Make your required changes to the selected URL.

6 Click Done to include the edited URL with those shown in the URL list details pane.

To add a URL, rather than edit the selected URL, click the add icon.

7 Click Save to update the rule.


Export a list of URLs

Exporting lists of URLs is a useful way of backing up information. You can then import the exported information to other rules, or import the information to other systems. The exported URLs are saved in CSV format.

Task

1 Select the rule that contains the list of URLs to be exported to a CSV file.

2 In the Rule Details pane, click the URL catalog icon from the object details pane and select Export.

3 Follow the workflow for the browser you are using to save the file.

The list of URLs is saved into a file named after the sitelist object. For example, exporting the list of URLs from a sitelist named Blocked URLs creates a list named Blocked URLs.csv.

The file contains a header row, with the following column names:

URL Subdomain (True/False)

It also contains a row for each URL in the list.

Import a list of URLs

Importing lists is a convenient way of adding URLs to your system. The URL list to be imported must be in CSV format.

Before you begin

Ensure that you have an existing comma-separated values file with the list of the URLs to be imported. The file can optionally include a header row.

The list must contain comma-separated values. Each line contains one URL, followed by the ',' separator and then either 'true' or 'false'. Adding 'true' indicates that the URL has the 'All subdomains' parameter selected, whereas 'false' deselects 'All subdomains'.

The URL and the true/false value are case insensitive.

There must not be any spaces in or at the end of each line.

As an example, the entries in the file can look like:

https://www.example.com,true
HTTP://SUPPORT.EXAMPLE.NET,FALSE
example.org,True

If any row in the URL list does not comply with the required format, an error is displayed and the file import fails.

Task

1 Select the rule into which you want to import the URLs.

2 In the Rule Details pane, click the URL catalog icon from the object details pane and select Import.

3 Browse to the .csv file with the URLs to be imported.

If the .csv file includes a first row with header information, make sure that you select This file contains a header row.


4 Click Import.

A status message is displayed.

If duplicate URLs are contained in the .csv file, the import is paused and you are notified of the duplicate entries. You can then choose to continue with the import or to end without importing the URL list.

5 To overwrite any existing URLs with the imported values, click Replace.

6 Click Save.
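A local pre-import check for the URL list .csv format described in "Create a rule by importing a URL list" and in "Import a list of URLs" above, so that a malformed row or a duplicate is found before the import fails or pauses. This is an added example, not McAfee's importer: the sample rows after the guide's three are constructed, and the single-comma rule and the lowercase comparison used to find duplicates are assumptions.

```python
def check_url_list(text, has_header=False):
    """Check URL-list CSV text; return (entries, errors, duplicates).

    entries    -> [(url_lowercased, all_subdomains)]
    errors     -> [(line_number, reason)]
    duplicates -> [(line_number, first_seen_line_number, url_as_written)]
    """
    entries, errors, duplicates = [], [], []
    first_seen = {}
    for number, line in enumerate(text.splitlines(), start=1):
        if has_header and number == 1:
            continue  # same meaning as "This file contains a header row"
        if any(ch.isspace() for ch in line):
            errors.append((number, "whitespace in or at the end of the line"))
            continue
        parts = line.split(",")
        # Assumption: exactly one comma per row; quoting rules are not documented.
        if len(parts) != 2 or not parts[0]:
            errors.append((number, "expected URL,true or URL,false"))
            continue
        url, flag = parts
        if flag.lower() not in ("true", "false"):
            errors.append((number, "second value must be true or false"))
            continue
        key = url.lower()  # the guide states the URL is case insensitive
        if key in first_seen:
            duplicates.append((number, first_seen[key], url))
            continue
        first_seen[key] = number
        entries.append((key, flag.lower() == "true"))
    return entries, errors, duplicates


# Constructed sample: a header row, the guide's three rows, then three problem rows.
SAMPLE = """\
URL,Subdomain
https://www.example.com,true
HTTP://SUPPORT.EXAMPLE.NET,FALSE
example.org,True
example.net, false
EXAMPLE.ORG,false
intranet.example,yes
"""

if __name__ == "__main__":
    entries, errors, duplicates = check_url_list(SAMPLE, has_header=True)
    print("valid entries:", entries)
    for number, reason in errors:
        print(f"line {number}: {reason}")
    for number, first, url in duplicates:
        print(f"line {number}: {url} duplicates line {first}")
```

The duplicate on line 6 also carries a different All subdomains value from line 4, which is worth resolving by hand before choosing to continue an import.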

Import DLP classifications

Import classifications from your McAfee Data Loss Prevention Endpoint for use in your McAfee Cloud Data Protection policies.

Before you begin

Export your DLP classifications from McAfee Data Loss Prevention Endpoint and save the resulting file to a location you can access.

Task

1 From the McAfee ePO Cloud menu, select Unified Security Policy | Policy Management.

2 In the Policy Browser, select the Cloud Data Protection feature.

3 In the Cloud Data Protection feature, select the feature policy and rule to change.

4 Click the catalog menu icon. Select Import.

The Import DLP Classifications dialog box is displayed.

5 Browse to the DLP classifications file you exported from McAfee Data Loss Prevention Endpoint.

6 Click Replace.

A summary of the number of classifications imported is displayed. Also detailed are any existing classifications that are not contained in the imported file.

7 Click OK.

The DLP classifications contained in the file overwrite all existing DLP classifications.

The DLP classifications contained in the McAfee Data Loss Prevention Endpoint file are imported into your policy.

Use a pick list to populate a list

To quickly add items to a list, select them from prepopulated pick lists.

Pick lists are used to select items in the catalogs for the following feature areas:

• Web Category Filter

• Web Application Filter

• Media Type Filter

Any items already included in the selected list are shown as unavailable in the pick list.

Task

1 From the McAfee ePO Cloud menu, select Unified Security Policy | Policy Management.

2 In the Policy Browser, select the feature to change.

3 In the feature area, select the feature policy and rule to change.

4 Click the pick list icon.

5 Select the list to which items are being added.

Depending on the list selected, the relevant pick lists are displayed.

6 Click the add icon to the right of the item to be added to the selected list.

Best practice: Use the Search field to filter the items available for selection. To empty the Search field, click the remove icon.

The item is added to the list.

7 Click Save to add the selected items to the list.

Reorder the rules

Move the rules to change the order in which they are applied. The order in which rules are applied depends on the order that they appear in your policy: rules are applied from the top down.

You cannot reorder a catch-all rule, as this type of rule has to appear at the bottom of the list.

Task

1 In the Policy Browser, select the feature to change.

2 Select the rule to be moved.

3 Click the feature menu icon.

You cannot reorder rules when the rule is in edit mode. If the rule is being edited, save or cancel your changes before you reorder the rules.

4 Click Reorder Rule.

The move up and move down icons are displayed to the right of the selected rule.

5 Click either the move up or move down icons until the selected rule is in the required position.

6 When the rule is in the required position in the list of rules, click Save to keep the new rule order.

Delete a rule

Deleting unwanted rules enables you to more easily organize and understand your feature policies.

You cannot delete:

• 'catch-all' rules

• Web Reputation rules

• Anti-Malware rules

Task

1 In the Policy Browser, select the feature to change.

2 Select the rule to be deleted.

3 Click the Action menu icon and select Delete Rule.

4 Click Delete to confirm the deletion.

The rule is permanently deleted from the policy.

Change a feature policy

You can change feature policies to meet your protection requirements.

Tasks

• Edit the Policy Details
From the Policy Details pane, you can edit the policy name.

• Create a block page
Block pages are displayed when your users are prevented from accessing a particular URL, document, or other web request. You can create different block pages for individual feature policies.

• Edit a block page
Block pages are displayed to the users when their web request is blocked. You can edit the content of the block pages to be relevant to the needs of your organization.

• Select a different block page
Block pages provide information to your users about web requests blocked by your configured rules and policies. Select suitable block pages for each feature policy.

Edit the Policy Details

From the Policy Details pane, you can edit the policy name.

Task

1 From the policies drop-down list in the feature header of the policy browser, select the feature policy to be changed.

2 Click the feature policy name, for example Limited, or Permissive.

The Policy Details pane is displayed.

3 In the Policy Details pane, click in the text box and change the name of the feature policy.

For some feature types, for example Cloud Data Protection, you can also enable options specific to that feature.

4 Click Save to keep your changes.

Create a block page

Block pages are displayed when your users are prevented from accessing a particular URL, document, or other web request. You can create different block pages for individual feature policies.

Before you begin

Make sure that you have selected the policy that is to have a new block page created.

Two methods exist for creating a block page:

• Create a block page using the New Block Page option.

• Select an existing block page and create a copy.

This task shows the process to create a block page, and documents the options to create a block page by copying an existing page.

Task

1 From the policies drop-down list in the feature header of the policy browser, select the feature policy to be changed.

2 Click the feature policy name, for example Limited, or Permissive.

The Policy Details pane is displayed.

3 Click the block page edit icon in the Policy Details pane.

The Block Page Catalog is displayed.

4 Click the menu icon beside the currently selected block page and select New Block Page from the pop-up menu.

To create a copy of an existing block page, first select the block page to be copied, click add block page, then select Copy Block Page from the pop-up menu.

Depending on your selection, the New Block Page or the Copy Block Page dialog box is shown.

To view the block page editor at the full size of your browser window, click the maximize/minimize icon.

5 If needed, specify or change the name for the block page.

6 Using the provided tools, create the block page.

You can edit the name of the block page, and change the content and formatting of the message.

Use tokens in the block page to reflect information about the web requests that trigger the blocking action and the block message.

Table 2-9 Available tokens for use in block pages

Token Description

{URL} The requested URL.

{REASON} A combination of the reason for the block action and the specifics of the reason.

{IP} The IP address of the client system.

{RULE} The name of the current rule.

{URL_CATEGORIES} A list of categories that the requested URL matches.

{URL_REPUTATION} The reputation score for the requested URL.

{MEDIA_TYPE} The Media Type classification for the requested file.

{MALWARE_PROBABILITY} The probability that the file is malicious.

{MALWARE} Information about the detected malware.

{APPLICATION} The name of the web application.

{USERNAME} Information about the user that made the web request.

{PROXYNAME} Details of the proxy used (if applicable).

To include a logo in the block page, insert a link to the image using the hyperlink tool.

Each block page has a maximum content limit of 1 MB.

7 Click Save.

You can save empty block pages.

8 To use the newly created block page for the selected policy, click the add block page icon to the right of the block page.

9 Click Save.

Edit a block page

Block pages are displayed to the users when their web request is blocked. You can edit the content of the block pages to be relevant to the needs of your organization.

Task

1 Click the feature policy name, for example Limited, or Permissive.

The Policy Details pane is displayed.

2 Click the menu icon beside the currently selected block page and select Edit Block Page from the pop-up menu.

You can switch between the default plain text view of your block page message, or you can view the underlying HTML code. To move between these views, click the source edit icon.

To view the block page editor at the full size of your browser window, click the maximize/minimize icon.

3 Using the provided tools, edit the block page.

You can edit the name of the block page, and change the content and formatting of the message.

Use tokens in the block page to reflect information about the web requests that trigger the blocking action and the block message.

Table 2-10 Available tokens for use in block pages

Token Description

{URL} The requested URL.

{REASON} A combination of the reason for the block action and the specifics of the reason.

{IP} The IP address of the client system.

{RULE} The name of the current rule.

{URL_CATEGORIES} A list of categories that the requested URL matches.

{URL_REPUTATION} The reputation score for the requested URL.

{MEDIA_TYPE} The Media Type classification for the requested file.

{MALWARE_PROBABILITY} The probability that the file is malicious.

{MALWARE} Information about the detected malware.

{APPLICATION} The name of the web application.

{USERNAME} Information about the user that made the web request.

{PROXYNAME} Details of the proxy used (if applicable).

To include a logo in the block page, insert a link to the image using the hyperlink tool.

Each block page has a maximum content limit of 1 MB.

4 Click Save.

You can save empty block pages.
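A block page edited in the HTML source view can be checked against the token tables (Table 2-9 and Table 2-10) and the 1 MB content limit before it is saved. The following check is an added example, not part of the guide or the product; the function name and the sample page are constructed, and it assumes that tokens must be written exactly as in the table and that 1 MB means 1,000,000 bytes of UTF-8.

```python
"""Lint a block page's HTML source for token typos and the content limit."""
import re

# Tokens listed in the guide's "Available tokens for use in block pages" table.
SUPPORTED_TOKENS = {
    "URL", "REASON", "IP", "RULE", "URL_CATEGORIES", "URL_REPUTATION",
    "MEDIA_TYPE", "MALWARE_PROBABILITY", "MALWARE", "APPLICATION",
    "USERNAME", "PROXYNAME",
}

# Assumption: "1 MB" is read as 1,000,000 bytes, the stricter interpretation.
MAX_BYTES = 1_000_000

# A brace pair holding only letters and underscores. CSS such as
# "body{font-family:sans-serif}" does not match because of ':' and '-'.
TOKEN_RE = re.compile(r"\{([A-Za-z_]+)\}")

# Constructed sample page with one misspelled and one lower-case token.
SAMPLE_PAGE = """<html><head><style>body{font-family:sans-serif}</style></head>
<body>
<h1>Access blocked</h1>
<p>{USERNAME}, your request for {URL} was blocked by rule {RULE}.</p>
<p>Reason: {REASON} (categories: {URL_CATEGORY},
reputation: {url_reputation})</p>
</body></html>"""


def lint_block_page(html):
    """Classify every {TOKEN}-shaped placeholder and check the page size."""
    used, unknown, miscased = set(), set(), set()
    for name in TOKEN_RE.findall(html):
        if name in SUPPORTED_TOKENS:
            used.add(name)
        elif name.upper() in SUPPORTED_TOKENS:
            # Assumption: tokens are matched exactly as written in the table,
            # so a lower-case spelling would be shown to the user literally.
            miscased.add(name)
        else:
            unknown.add(name)
    size = len(html.encode("utf-8"))
    return {
        "used": used,
        "unknown": unknown,
        "miscased": miscased,
        "size_bytes": size,
        "within_limit": size <= MAX_BYTES,
    }


if __name__ == "__main__":
    report = lint_block_page(SAMPLE_PAGE)
    for key in ("used", "unknown", "miscased"):
        print(key, sorted(report[key]))
    print("within limit:", report["within_limit"])
```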

Select a different block page

Block pages provide information to your users about web requests blocked by your configured rules and policies. Select suitable block pages for each feature policy.

Task

1 Click the feature policy name, for example Limited, or Permissive.

The Policy Details pane is displayed.

2 In the Policy Details pane, click the Block Page edit icon.

The Block Page Catalog appears, showing the available block pages.

3 Click the add icon for the required block page.

Best practice: Use the Search field to filter the items available for selection. To empty the Search field, click the remove icon.

4 Click Save to keep your changes.

Change Policy Assignment

Each feature can have only one active feature policy applied to it at a time. Use this task to change the feature policy assigned to a feature.

Before you begin

Ensure that the feature has at least two feature policies configured.

Task

1 To view the available policies, select the relevant key feature area, and click the policy drop-down arrow.

By default, the currently activated policy is selected.

2 Select the required policy from the list.

The key feature header bar expands, displaying the Activate Policy button.

3 Click Activate Policy.

The Change Policy confirmation dialog box is displayed.

4 Click Yes to confirm that you want to change your active policy for the selected key feature.

The Policy Assignment changes to the newly selected feature policy.

View audit logs

Details of the changes made to your policies are logged on the McAfee ePO Cloud Audit Log page.

Each time a policy or rule is created, changed or deleted, or when rules are reordered, details of the changes are included in the McAfee ePO Cloud Audit Log.

Task

• To find specific entries, select the required time period from the Preset drop-down list, or use the Quick find field. Click Apply.

Quick find searches through the User Name, Priority, Action, and Details fields.

Details of the changes to policies and rules are shown for the selected parameters. These details include the ID for each entry, and the hierarchy of the object or rule.

Tasks

• Export the audit logs
You can export the information contained in your audit logs for analysis outside of McAfee ePO Cloud.

Export the audit logs

You can export the information contained in your audit logs for analysis outside of McAfee ePO Cloud.

Before you begin

Ensure that you are viewing the audit logs from User Management | Audit Log in McAfee ePO Cloud.

Task

1 Search for the specific entries of interest by selecting the required time period from the Preset drop-down list, or using the Quick find field. Click Apply.

2 Click the Actions drop-down button, and select Export Table.

3 Define the configuration information for the exported information.

Option Description

Compress files To export all files in one .zip file, select this option.

File format Select the format for the exported information. If you select PDF output, define the page size and the page orientation. You can also include information about your selected filtering criteria, and add a cover page to the PDF report.

What to do with exported files Enter the Recipients details, the Subject, and other information as required for the email message Body.

4 Click Export to send the audit logs using your selected criteria.

Error conditions

When working with products that include interactions with web servers, some potential error conditions can occur. These error conditions can also be caused by multiple administrators making concurrent changes to policies.

These error conditions typically fall into one of the following categories:

• Data errors

• Network connection errors

• Saving errors

Data errors

Data errors occur when data is unavailable or cannot be found.

Typical reasons for these data errors are:

• The requested data has been deleted or cannot be found.

• A server-side error occurred while processing the data request.

If a data error occurs, you are presented with an error message telling you the data is unavailable. This message provides you with a Reload button to attempt to reload the data. If the data is still not available, you are informed that the retry was unsuccessful.

If the requested data was previously deleted, the error message gives information about the deleted data.

Network connection errors

As with many web services, there is potential for communication errors between the system you are using, and the web server and database hosting the services.

Often, network communication errors are short-lived, and the service automatically reconnects when the communication is restored. When experiencing connection errors, you are presented with the option to manually retry the connection.

If you navigate away from the current page before network connections are re-established, you lose any unsaved changes.

Saving errors

Saving errors occur when an administrator clicks Save, but the save is unsuccessful.

Reasons for a save being unsuccessful include:

• A general error occurs where the server was busy or overloaded.

• Somebody else deleted the rule before you attempted to save it.

• An object within the rule being saved no longer exists.

2017-03-00