The NBA stores source and destination machine details when it captures files being sent across the Internet boundary. These files can include downloads, uploads, FTP transfers, and email attachments. The mechanism for associating file events with users depends on whether the NBA is running in active or passive mode.
Socket Output Mode
In socket output mode, the NBA outputs data to policy engines via a socket connection. When the NBA passes captured files to policy engines for processing:
For files captured by the NBA, the NBA passes the IP addresses of the source and destination machines to the policy engine. Both IP addresses are then stored as event participants.
To ensure that these file events are subsequently searchable by user in the iConsole or Data Management console, CA DataMinder administrators must add these machine addresses to users' address lists in the Administration console.
For all files captured by the NBA, the policy engine always applies the default policy for files.
Disk Output Mode
In disk output mode, the NBA outputs captured files to the local disk. These files are subsequently imported onto the CMS. You can configure Event Import to associate NBA-captured files with specific CA DataMinder user accounts:
To enable reviewers to search for imported files by user, this Event Import parameter associates a single event participant with each imported file (that is, the same participant is associated with each file):
ImpFile.AssociatedParticipant
If this parameter is omitted or cannot be resolved, CA DataMinder treats it as a file with unspecified participants.
You can associate NBA-captured files with individual users. To do this, you can configure Event Import to extract the source and destination machine IP addresses from each imported file and save these IP addresses as event participants. The relevant import parameter is:
ImpFile.ParticipantsFromNBAFilename
To ensure that these file events are subsequently searchable by individual user in the iConsole or Data Management console, CA DataMinder administrators must add the these machine addresses to users' address lists in the Administration console.
This Event Import parameter determines which policy is applied:
ImpFile.PolicyParticipant
If this parameter is omitted or cannot be resolved, the policy engine applies the default policy for files.
In all cases, these parameters specify email addresses, or pseudo addresses in the case of ImpFile.ParticipantsFromNBAFilename. Linked tables in the CMS database then enable CA DataMinder to map these email addresses onto existing CA DataMinder user accounts.
|
Copyright © 2014 CA.
All rights reserved.
|
|