This section describes how to use the iConsole to search for NBA network events. These events are defined as files, including FTP file transfers and IM or Webmail attachments, captured by CA DataMinder Network as they enter or leave the corporate network.
For network events, you can search by:
You can search by machine IP addresses to identify files originating on or sent to a specific machine. For file uploads or downloads, or files sent via IM conversations, you can also specify the name of the associated web server.
You can search for files captured on specific communication channels:
You can specify more detailed channel information in the Title or Subject field.
Use this field to search for specific file types or filenames, such as *.PDF or *.DOC files.
For network events, the event title incorporates the channel type (such as HTTP-POST) and the filename. This allows you to use this field to search by channel. Event titles take this format:
<channel>:<original file name>
where <channel> can be:
FILE-AIMICQ FILE-JABBER FILE-MSN FILE-SIP FILE-YAHOO FTP FTP-GET FTP-PUT HTTP-GET HTTP-POST HTTP-URL SMB AOLMAIL-ATTACH GMAIL-ATTACH HOTMAIL-ATTACH LIVEMAIL-ATTACH YAHOO-ATTACH
For example, to search for any PDF files sent as attachments to GMail emails, you set the Title or Subject field to:
GMAIL-ATTACH:*pdf
Note: The filename modification happens after the files have been imported from the NBA and processed by policy engines.
Important! To search for network events by user or group, you must first have associated source machine IP addresses with your CA DataMinder users. You can then search by user or group in the normal way.
|
Copyright © 2014 CA.
All rights reserved.
|
|