The McAfee DLP/McAfee MVISION Cloud integration has two parts. McAfee DLP synchronizes classification definitions with McAfee MVISION Cloud. This operation takes place automatically when a McAfee DLP classification definition is added or changed if synchronization is enabled in the DLP Settings. Users working in the cloud can use the McAfee DLP classifications to manually classify Microsoft Office 365 documents.
Cloud-based files with classifications that trigger incidents due to McAfee MVISION Cloud protection rules are pulled into the McAfee ePO database with a regularly scheduled server task and appear in DLP Incident Manager.
The incidents can be used for analysis and reporting in DLP Incident Manager and can be assigned to cases. However, they can only be resolved or updated in McAfee MVISION Cloud.
1. Customers A and B create classification definitions and synchronize them with the McAfee MVISION Cloud server.
2. McAfee MVISION Cloud applies the classifications to protection rules and applies them to content for users working in the cloud.
3. Incidents are synchronized with McAfee ePO and displayed in DLP Incident Manager.
Configure MVISION Cloud
Before you begin: Enable the McAfee™ MVISION Cloud integration feature by configuring the MVISION Cloud Server page in DLP Settings and enabling the Connect to MVISION Cloud service handler.
To configure MVISION Cloud in ePO:
McAfee DLP can synchronize Classification definitions with McAfee MVISION Cloud and incidents from the cloud with DLP Incident Manager. The two functions can be enabled separately.
- From the McAfee ePO menu, select Data Protection > DLP Settings.
- On the MVISION Cloud Server tab, do the following:
- Select the Connect to MVISION Cloud service checkbox.
- Enter the server path, user name, and password. Click Test Connectivity. The Connection status indicator displays success or failure.
- To enable synchronization of McAfee DLP classifications, select the Push classification information to MVISION Cloud checkbox. Click Sync Classifications. The Status section displays information on the synchronization: time of synchronization and number of classifications sent.
- To enable reporting McAfee MVISION Cloud incidents in DLP Incident Manager, select the Pull incidents from MVISION Cloud checkbox. Incidents are only pulled when the server task is enabled (steps 3 and 4).
- Click Save.
- From the McAfee ePO menu, select Automation | Server Tasks.
- Locate the task DLP Import MVISION Cloud Events and click Edit.
- On the Description page, in the Schedule status section, select Enabled.
- On the Actions page, verify that the checkbox is selected.
- On the Schedule page, accept the default settings or edit as needed.
- On the Summary page, verify the settings, then click Save.
Create a Policy in MVISION Cloud
Once you've enabled ePO-MVISION Cloud integration within ePO, and allowed classifications to be synced with the cloud, a new option called McAfee Classification appears under Classification selection in the Rules section. You can select an option from the list of Classifications when creating or updating a DLP policy.
To create a Classifications DLP Policy in MVISION Cloud:
- Choose Policy > Create Policy or Edit Policy.
- Enter a name for the policy, and an optional description.
- Select the 'Content Type' as 'Unified Cloud Edge'
- Under Rules, click Add Rule, then choose Classification, and then McAfee Classification.
- For Name, choose the name of the Classification you'd like to include in the policy.
- Choose the rest of the settings in the policy, and then click Save.