DLP endpoint incident detection and location

I need a solution

We have a customer in China, just won the 2000 point DLP endpoint prevent. But in the implementation process encountered a serious problem:
The user’s computer is in the workgroup environment. The computer name is random. Login user name is administrator.. The IP address is assigned by the DHCP server.
In the endpoint incident . Because the computer name, IP address, and user name are not standard, we cannot find the person who violated the case.
Does anybody has any suggestions?

The DHCP allocator has detected a DHCP server with IP address %1 on the same network as the interface with IP address %2. The allocator has disabled itself on the interface in order to avoid confusing DHCP clients.
Event ID 1065 — DHCP Scope Configuration
Your computer has lost the lease to its IP address %2 on the Network Card with network address %1.
How to Use Port Control Protocol in NetScaler?
UBA Sense events are coming in as Unknown…sometimes

Posted via RSS on July 16, 2017. Article originally published by Symantec Community at https://www.symantec.com/connect.

Related:

Leave a Reply Cancel reply

Links