I need a solution
I have a question about how Network Monitor works with HTTP.
I know that it works great and creates incidents when a message goes from a client on the local network to a server on an outside network. So basically, when a client does a POST to an outside server.
What about scenarios where an outside user requests data from one of our webservers and we respond back with some sensitive data that matches a DLP rule(in the clear, non-https)? Would that get captured by the network monitor?
Thanks for the help, I really hope this made sense.
-Tom