Data Loss Prevention

  • 1.  Delete Flex Response Rule

    Posted Sep 17, 2013 07:14 AM

    Hello All,

    Can anyone please help me with the script/string of 'Delete Response Rule' on Network Protect?

    During a scan, if a file is found which was not accessed for two years, the scan flex response should delete this file and create an incident. Currently Symantec is developing this functionality.

    If anyone has already implemented such a function or can help with the string, please do.

     

    Thanks...



  • 2.  RE: Delete Flex Response Rule

    Broadcom Employee
    Posted Sep 17, 2013 09:01 AM
    I think you can use the quarantine function of Network Protect. This function can move the violated documents to a quarantine server after the discover scan.


  • 3.  RE: Delete Flex Response Rule

    Posted Sep 17, 2013 11:06 AM

    The functionality I am looking for is to execute a delete function manually on an incident. The difference between Quarantine and Delete would be:

    Quarantine rule moves the file to Quarantine location and

    Delete rule should delete the file leaving a marker text.



  • 4.  RE: Delete Flex Response Rule

    Posted Sep 17, 2013 02:30 PM

    Developing a Flex Response is a bit more involved than just providing a simple command string. I'd look to find a qualified, authorized partner who could develop this for you, or sell you something they may have already developed for this.  Sounds like a simple flex response, but in reality even something this simple is going to take a non-trivial amount of time to develop.

    Recommendations:

    (1) Use the quarantine function as described above, then purge the quarantine directory regularly (effectively deleting these files but only after having moved them somewhere else).

    (2) Use some sort of batch processing using a list of file locations from DLP (all incidents where the file last accessed date is greater than 2 years old, for instance).

    (3) Wait for Symantec to build this into DLP if you already know that it's on their roadmap.

    ~Keith
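
Recommendation (2) above, combined with the "delete the file leaving a marker text" behaviour asked for in post 3, as an added example (not code from this thread, from Symantec, or from the Flex Response API). It assumes the DLP incident file locations have been exported as a plain-text list, one path per line; `purge_stale`, the `.deleted.txt` marker name and the marker wording are hypothetical.

```python
import stat
import sys
import time
from pathlib import Path

TWO_YEARS = 2 * 365 * 24 * 3600  # "not accessed for two years", in seconds
MARKER_SUFFIX = ".deleted.txt"   # constructed marker name, not a DLP convention


def purge_stale(paths, max_age=TWO_YEARS, now=None, dry_run=True):
    """Delete files whose last access is older than max_age, leaving a marker.

    Returns [(path, action)] so every decision can be logged or attached
    to the incident. Nothing is deleted unless dry_run=False.
    """
    now = time.time() if now is None else now
    report = []
    for raw in paths:
        name = raw.strip()
        if not name:
            continue
        p = Path(name)
        try:
            st = p.lstat()  # lstat: never follow a symlink to another file
        except OSError:
            report.append((name, "missing"))
            continue
        if not stat.S_ISREG(st.st_mode):
            report.append((name, "skipped-not-regular-file"))
        # Re-check the age now: the exported list may be stale, and atime is
        # only meaningful if the file system actually records access times.
        elif now - st.st_atime < max_age:
            report.append((name, "kept-recently-accessed"))
        elif dry_run:
            report.append((name, "would-delete"))
        else:
            stamp = time.strftime("%Y-%m-%d", time.gmtime(now))
            marker = p.with_name(p.name + MARKER_SUFFIX)
            # Write the marker first; if that fails the original is untouched.
            marker.write_text(f"{p.name} was deleted on {stamp} by a retention job.\n")
            p.unlink()
            report.append((name, "deleted"))
    return report


if __name__ == "__main__":
    # Usage: script.py LISTFILE [--delete]; the default is a dry run.
    with open(sys.argv[1]) as fh:
        for path, action in purge_stale(fh, dry_run="--delete" not in sys.argv):
            print(f"{action}\t{path}")
```

Run it as a dry run first and review the `would-delete` lines; volumes mounted with access-time updates disabled will report misleading ages.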