Using Linking Service

In addition to providing IP-address to user-name resolution for HTTP incidents, Linking Service allows Forcepoint DLP to import Forcepoint Web Security predefined and custom URL categories. These categories can then be added as resources in DLP policies so that you can map URLs to categories and view them in incident reports.

Steps

  1. Note the IP address and port of the Linking Service machine. This is added automatically during installation.
  2. Make sure that Enabled is selected.
  3. Click Test Connection to test the linking connection. A confirmation message is returned.

    If connection fails, enter the IP address or hostname of the Linking Service machine, and the connection Port (56992, by default), then test the connection again.

    Note:

    If the IP or port are invalid and the import fails, any currently existing categories already mapped are deleted. To correct this situation:

    1. Enter a valid IP and port, and then click OK.
    2. Click Deploy
    3. Go to Resources > URL Categories, and click Upload to get the most updated URL category list.

Next steps

Dynamic user name resolution and category mapping are enabled by default when you install Forcepoint DLP. If you are experiencing significant latency during content analysis, edit the service Properties to limit the use of Linking Service to the most important functions. Only change these settings if the connection between your data and web solutions is poor.

  1. Under Incident Reports, mark Show user names in incident reports to have user names to display in incident reports rather than IP addresses. This may make it easier to determine who is moving sensitive data.
  2. Mark Show URL categories in incident reports to display URL categories rather than URLs in reports. For example, instead of http://www.cnn.com, reports might display News and Media.
  3. Under Content Analysis, mark Resolve user names when analyzing content to have the system resolve IP addresses to user names when it is analyzing transactions.

    Use this option if there are rules that include or exclude user names as a source. For example, block John Doe from posting the document MyDoc.doc to the Web.

    If there is a match, the rule is triggered.

  4. Mark Map URL categories when analyzing content to have the system to map URLs to categories when it is analyzing transactions.

    Use this option if there are rules that include or exclude URL categories as a destination. For example, block John Doe from posting the document MyDoc.doc to News and Media sites.

  5. Click OK to save your settings.