Splunk Lantern

Websense

 

Websense DLP (now Forcepoint DLP Endpoint) is a comprehensive, secure, and easy-to-use endpoint data loss prevention solution. It monitors real-time traffic and applies customized security policies over application and storage interfaces, as well as for data discovery. This solution allows security administrators to either block or monitor and log files that present a policy breach, and to create policies that don't restrict device usage but allow full visibility of content traffic. Administrators can monitor user activity inside endpoint applications, endpoint web activities, Microsoft Outlook email, and the copying of data to external drives and endpoint devices. In the Common Information Model, Websense DLP data is mapped to the Alerts data model.

Before looking at documentation for specific data sources, review the Splunk Docs information on general data ingestion: 

Getting data in

Source Add-ons and Apps Guidance
Websense DLP

Splunk platform

Splunk Add-on for Websense DLP

Configuration 

About the Splunk Add-on for Websense DLP

Use Cases

Finding large web uploads