When a policy engine processes an NBA file or IM conversation, the resulting event is automatically associated with the source machine. Specifically, an address matching the machine’s IP address is associated with each processed event and stored in the CMS database.
This means each NBA file or IM event is associated with a ‘host machine’ address. This provides a mechanism for associating file uploads, downloads, FTP transfers and IM events with individual CA DataMinder users. In CA DataMinder terms, these machine addresses are referred to as ‘pseudo user addresses’.
Important! This mechanism only works if your organization assigns static IP addresses to users’ computers. This mechanism does not work if your organization uses DHCP and introduces CA DataMinder security risks due to reassigned IP addresses.
Specifically, if an IP address is reassigned to another user’s workstation, this can compromise CA DataMinder 's security models based on management groups during subsequent event searches. (These security models prevent reviewers from seeing events associated with users outside of their management groups.)"
Notes
For example, the NBA captures a file being uploaded from machine 10.0.169.5. To help ensure that this file can be retrieved during an iConsole event search, add that IP address to the address list for an appropriate CA DataMinder user account. (You add new addresses in the User Properties dialog in the Administration console.)
|
Copyright © 2014 CA.
All rights reserved.
|
|