Description:
When using a protector whenever the system generate incident it includes in the
details field the log-on user for the FTP session
For example it will FTP file "XYZ" from: UserY
It seems that the policy engine don't analyse this part.
The use case here is that there are some authorized users that are allowed to
upload data via FTP and others are not - as this in protector (monitoring) mode
this is the only way to distinguish between authorize/non authorize person
↧
Policy engine should analyse content in the details field (specifically for FTP)
↧