How to detect files copied with DataSecurity Plus


One of the greatest threats to any organization is a data leak perpetrated by trusted employees and partners. To combat the ever-increasing insider threat, you need to monitor all file activities, especially file copy actions. With DataSecurity Plus, you can audit, monitor, and alert on all file copy events.

Steps to audit and report on file copy-and-paste events:

  1. Download and install DataSecurity Plus.
  2. Open the DataSecurity Plus console.
  3. Select Endpoint DLP from the application drop-down. Go to Configuration > Devices.
  4. In the Configured Workstation(s) page, click Add Workstation(s) in the top-right corner.
  5. Select your domain.
  6. Select the + symbol next to the Select Workstation(s) text box, and add the workstations that you want to audit and secure.
  7. Select File Copy Auditing.
  8. Click Install Agent and Finish.
  9. Navigate to Reports. Under Source Based Reports, select File Copy and Paste Report.
  10. Select the desired time range over which file copy events are to be monitored using the Periods drop-down.
  11. The report displays all files copied during local or remote access.

Steps to selectively monitor when sensitive or large files are copied:

  1. In the DataSecurity Plus console, select Endpoint DLP from the application drop-down.
  2. Go to Configuration > Audit/ Alert Profiles > Report Configuration.
  3. Choose Clipboard from the available audit profiles.
  4. Select Edit for the File Copy Auditing - Clipboard audit profile.
  5. The audit profile is predefined with an appropriate name, source, and description.
  6. Navigate to the Criteria section and add these filters under the Include tab:
    • Actions: Files copied.
    • Users: All
    • File classification*: Restricted
    Note: Use other criteria such as File Type, File Size, File Name, and more to selectively monitor critical data being copied.
  7. Use the Exclude option to exempt trusted users, groups, or nonessential files from the File Copy and Paste Report.
  8. Click Save.

Steps to generate instant alerts when sensitive files are copied in bulk:

  1. In the DataSecurity Plus console, select Endpoint DLP from the application drop-down.
  2. Go to Configuration > Audit/ Alert Profiles > Alert Configuration.
  3. Choose Clipboard from the available Alert Profiles.
  4. Select the Edit option for the Sensitive Files Copy Monitoring and Response - Clipboard alert profile.
  5. The alert profile is predefined with an appropriate Name, Source, Description, and Severity.
  6. Navigate to the Criteria section and add these filters under the Include tab:
    • Actions: Files copied.
    • Users: All
    • File classification*: Restricted
    Note: Use other criteria such as File Type, File Size, File Name, and more to selectively monitor critical data being copied.
  7. Use the Exclude option to exempt trusted users, groups, or nonessential files from the File Copy and Paste Report.
  8. Under the Threshold tab:
    • Check Enable.
    • Specify the desired threshold value (e.g., configuring "100 events in 1 minute by any source" will raise an alert when 100 or more files are copied/pasted in under a minute).
    Note: The threshold limit can be customized to your organization's needs.
  9. Under the Response tab:
    • Within the Email tab, check Enable email notification.
    • Specify one or more email addresses you would like to send alerts to.
    • Set email Priority to High.
    • Add in an appropriate Subject and Message for your email.
    • Limit the number of mails sent based on your business requirements.
  10. Click Save.

You have now successfully configured DataSecurity Plus to audit, alert, and respond to sensitive files being copied.
*File classification: Files need to be classified manually based on their sensitivity as Public, Internal, Sensitive, or Restricted.
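
To pick a threshold before enabling the alert, the same rule can be replayed over copy events you already have. This is an added illustration, not DataSecurity Plus code: the event field names, the sample data, and the reading of "by any source" as a per-source count are assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

def bulk_copy_alerts(events, threshold=100, window=timedelta(minutes=1),
                     classification="Restricted", excluded_users=()):
    """Return (source, first_time, last_time, count) each time one source
    reaches `threshold` matching copy events in under `window`."""
    recent = defaultdict(deque)          # source -> timestamps still in window
    alerts = []
    for ev in sorted(events, key=lambda e: e["time"]):
        # Include filters: action and file classification.
        if ev["action"] != "copy" or ev["classification"] != classification:
            continue
        # Exclude filter: trusted users never count toward the threshold.
        if ev["user"] in excluded_users:
            continue
        q = recent[ev["source"]]
        q.append(ev["time"])
        while ev["time"] - q[0] >= window:   # drop events a full window old
            q.popleft()
        if len(q) >= threshold:
            alerts.append((ev["source"], q[0], ev["time"], len(q)))
            q.clear()                        # re-arm so one burst = one alert
    return alerts

def sample_events():
    """Constructed events; the field names are hypothetical, not a product export."""
    t0 = datetime(2024, 1, 1, 9, 0, 0)
    def burst(source, user, cls, n, step):
        return [{"time": t0 + timedelta(seconds=i * step), "source": source,
                 "user": user, "action": "copy", "classification": cls}
                for i in range(n)]
    return (burst("WS-01", "alice", "Restricted", 100, 0.5)        # 100 in 49.5 s
            + burst("WS-02", "bob", "Restricted", 100, 1.0)        # 100 in 99 s
            + burst("WS-03", "svc_backup", "Restricted", 200, 0.1) # trusted job
            + burst("WS-04", "carol", "Public", 150, 0.1))         # not Restricted

if __name__ == "__main__":
    for src, start, end, n in bulk_copy_alerts(sample_events(),
                                               excluded_users={"svc_backup"}):
        print(f"ALERT {src}: {n} Restricted files copied between {start} and {end}")
```

Replaying with a lower `threshold` or without the exclusion shows how many extra alerts each setting would have produced on the same data.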

Alert Email for bulk file copy

Ensure data security and integrity with the help of ManageEngine DataSecurity Plus.

 