User Guide

This guide covers the day-to-day configuration and usage of Aquilon DLP. Whether you’re setting up initial monitoring, configuring compliance policies, or analyzing alerts, you’ll find the information you need here.

Sections

Configuration

Learn how to configure Aquilon DLP for your environment:

  • Configuration file location and format
  • Watch paths and file monitoring
  • Caching and performance settings
  • Removable media auto-scanning
  • Performance tuning options

Policy Frameworks

Understand and configure compliance policies:

  • Built-in compliance frameworks (GDPR, CCPA, HIPAA, PCI DSS, SOX, ISO 27001)
  • Edition-specific policy availability
  • Policy configuration options
  • Creating custom TOML policies and scanners
  • Rule types and composition

Monitoring

Monitor Aquilon DLP operation and analyze findings:

  • Querying the osquery tables
  • Interpreting alert data
  • Cache status and performance metrics
  • Log analysis and troubleshooting
  • Integration with SIEM systems

Getting Started

After installing Aquilon DLP (see Installation), follow these steps:

  1. Configure watch paths - Define which directories to monitor for sensitive data
  2. Enable policies - Select compliance frameworks appropriate for your organization
  3. Verify operation - Create test files and query alerts to confirm detection
  4. Monitor ongoing - Review alerts, tune confidence thresholds, add exclusions

Quick Reference

Configuration File Location

Platform    Location
macOS       /etc/aquilon/config.toml
Linux       /etc/aquilon/config.toml

Common osquery Queries

-- View recent alerts
SELECT * FROM aquilon_dlp_alerts
ORDER BY timestamp DESC LIMIT 10;

-- Count alerts by policy
SELECT policy, COUNT(*) as count
FROM aquilon_dlp_alerts
GROUP BY policy;

-- View alert details
SELECT path, scanner, severity, timestamp
FROM aquilon_dlp_alerts LIMIT 10;

Edition Policy Availability

Policy         Basic Edition    Enterprise Edition
GDPR           Yes              Yes
CCPA           Yes              Yes
HIPAA          No               Yes
PCI DSS        No               Yes
SOX            No               Yes
ISO 27001      No               Yes
Custom TOML    Yes              Yes

Support