Unexpected Audit log entries during DLP backup with OPG
Last Modified: 2023-03-29 14:44:00 Etc/GMT
Technical Articles ID: KB96437
Environment
Data Loss Prevention Extension (DLP Extension) - all supported versions
For supported environments, see KB68147 - Supported platforms for Data Loss Prevention Endpoint.
Problem
The ePolicy Orchestrator audit log lists "[DLP] Settings Changed" entries when a DLP policy backup is triggered with OPG objects included.
Cause
When the DLP policy is backed up with OPG objects, multiple database operations are executed in the background as part of the process. These operations generate the audit log entries, which can be misinterpreted as changes to global configuration, such as the DLP Settings being modified.
Solution
In the meantime, ignore these audit log entries, as settings aren't being changed automatically. This behavior is as designed, and we'll soon release an update to address this issue.
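One way to apply this advice without discarding every "[DLP] Settings Changed" entry is to set aside only the entries that fall within a short window after a known backup and keep the rest for review. The sketch below is an added example, not Trellix code; the row layout, the 120-second window, and the sample data are assumptions constructed for illustration.

```python
from datetime import datetime, timedelta

DLP_ACTION = "[DLP] Settings Changed"  # entry text quoted in the article
FMT = "%Y-%m-%d %H:%M:%S"

# Constructed sample rows (timestamp, user, action). This layout is an
# assumption for the example, not the ePO audit log export format.
SAMPLE_AUDIT = [
    ("2023-03-20 02:00:05", "admin1", "[DLP] Settings Changed"),
    ("2023-03-20 02:00:07", "admin1", "[DLP] Settings Changed"),
    ("2023-03-20 02:01:10", "admin1", "Some other action"),
    ("2023-03-20 15:42:31", "admin2", "[DLP] Settings Changed"),
]
# Constructed: start times of known DLP policy backups that included OPG objects.
SAMPLE_BACKUP_STARTS = ["2023-03-20 02:00:00"]


def triage(audit_rows, backup_starts, window_seconds=120):
    """Return (explained, review) lists of DLP settings-change rows.

    A row is 'explained' when it falls at or after a known backup start and
    no later than window_seconds after it (assumed window, tune per site).
    """
    starts = [datetime.strptime(s, FMT) for s in backup_starts]
    window = timedelta(seconds=window_seconds)
    explained, review = [], []
    for row in audit_rows:
        ts_text, _user, action = row
        if action != DLP_ACTION:
            continue  # only the entry type the article describes
        ts = datetime.strptime(ts_text, FMT)
        if any(start <= ts <= start + window for start in starts):
            explained.append(row)
        else:
            review.append(row)  # no backup nearby: treat as a real change
    return explained, review


if __name__ == "__main__":
    explained, review = triage(SAMPLE_AUDIT, SAMPLE_BACKUP_STARTS)
    print(f"{len(explained)} entries coincide with a backup, {len(review)} need review")
    for row in review:
        print("REVIEW:", *row)
```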