How to monitor Webex chat with the Endpoint Agent


Article ID: 263419


Products

Data Loss Prevention, Data Loss Prevention Endpoint Prevent

Issue/Introduction

You'd like to monitor sensitive data sent over the Webex chat - either through the chat in a Webex Meeting, or using the Messaging feature of the Webex client.

 

This can be achieved by using the Clipboard monitoring feature of the Agent. Any sensitive data copy-pasted into the Webex chat is then analyzed, and an incident is raised if it matches a configured policy. As a consequence, such pasting of data can be blocked. Note that Webex uses a different executable for each of the two chat features.

Environment

15.8+

Resolution

1. First, enable Clipboard monitoring in the Agent Configuration. To do so, navigate to System -> Agents -> Agent Configuration and choose the Configuration that is deployed in the environment.

a) In the Configuration window, ensure that Copy and Paste are enabled (checkbox marked).

b) Save your changes by clicking the appropriate button in the top section of the screen.

c) Next, deploy the configuration changes to the agents. To do so, navigate to System -> Agents -> Agents Groups, mark the checkbox next to any Agent Group that uses the modified Configuration, and click the "Update Configuration" button.

Note: The exclamation mark next to the Agent Configuration name indicates that the configuration was changed but has not yet been deployed to the agents using the "Update Configuration" button. Until that button is used, changes made to the configuration are not replicated to the agents; this does not happen automatically.

2. Once the Agent Configuration has been adjusted it is necessary to adjust the Global Application Monitoring settings. Navigate to System -> Agents -> Global Application Monitoring to do so.


a) Webex Meetings is already preconfigured in DLP 15.8 or higher, and is named WebEx Communication Module. It is configured to monitor the ATMGR executable. Locate it in Global Application Monitoring and ensure that Clipboard monitoring is enabled and that the "Paste" option is selected. After making any changes, click the "Save" button at the top of the window.

b) To monitor the Webex Messaging feature, it is necessary to create a new application that monitors the CiscoCollabHost executable, which is responsible for handling the Webex client, or at least the messaging part of it. To do so, use the "Add Application" menu in Global Application Monitoring and select the appropriate platform. In this example Windows is used. The below screenshot presents an example configuration that should work for this purpose. Any other settings besides Clipboard can be disabled. Once configured, make sure to click the "Save" button to apply the changes.

c) After applications are modified or created, their settings, in contrast to the Agent Configuration, are automatically replicated to the agents at their next synchronization. By default agents communicate every 15 minutes, so it is recommended to wait at least 15 minutes before starting any tests.

 

Additional Information

Note that enabling Clipboard monitoring in the Agent Configuration enables it for every application listed in Global Application Monitoring that has the Clipboard monitoring feature enabled. This can lead to false positives if sensitive data is pasted into applications such as Excel or Word. Before deploying the Webex monitoring described in this article to all agents in the production environment, it is recommended to perform small-scale tests first to avoid any disruptions.