Data Loss Prevention

 View Only
  • 1.  DLP 12.5 IDM with remote SMB share - Full or incremental ?

    Posted Aug 12, 2015 01:34 AM


    Hi all,

    Would you please consider the scenario below and advise on the question that follows:

    - DLP admin creates a document profile pointing to remote SMB share, where the business information owners can drop file they would like indexed.
    - Day 1 - 2pm - the Information owner dump hundreds of documents in the nominated fileshare (\\servername\Docs_to_be_Indexed)
    - Day 1 - 6pm - DLP IDM scheduler runs daily and indexes the content of the SMB share .
    - Day 1 - 9pm - AdHoc vbscript deletes the content of the SMB share because the information is very senstive and cannot be left in the location (inadequate security controls)
    - Day 2 - 3pm - the Information owner dump a new batch of new documents in the nominated fileshare
    - Day 2 - 6pm - DLP IDM scheduler runs and indexes the new content of the SMB share.

    Question: On day 2 from 6pm onward, would the document profile still contain hashes for the set of documents indexed on Day 1 ? or would it only contain hashes for the set of documents indexed on Day 2 ?

    Cheers,

     

    Cedric.



  • 2.  RE: DLP 12.5 IDM with remote SMB share - Full or incremental ?

    Posted Aug 17, 2015 04:12 AM

    Morning,

    As far as I know the IDM index would just contain day 2 information and as the index has been refreshed. 

    In my scenario we have people who use it as a "to be blocked" list of documents the rules are if it is in folder x on drive y it will be blocked by DLP policy if you no longer want it blocked then remove the file from the folder and when the reindexing occurs just the files left in the folder will be triggered. 

    Kind Regards,

    Jeremy MacMull



  • 3.  RE: DLP 12.5 IDM with remote SMB share - Full or incremental ?

    Posted Aug 25, 2015 11:19 PM

    Thanks Jeremy.

    Further testing confirmed this is the case.



  • 4.  RE: DLP 12.5 IDM with remote SMB share - Full or incremental ?

    Trusted Advisor
    Posted Aug 27, 2015 02:02 PM

    Please make sure to mark this as a solution to your problem, when possible.