Data Loss Prevention

Looking for solutions from experts:

In DLP we are using Discover scanning to scan shares on Windows and NetApp filers. Currently there are 4 target scans running, each using one discover server. There are approximately ~180K new incidents. Now we are planning to add 10 new discover servers/targets, each server will have ~ 100 root shares. Some of the old target shares are included in the new targets, and our concern is duplicate incidents. We can exclude the shares/files from the new target scan but we dont want to do that for audit reasons. Is it possible to map the old incident to the new target? Any other options or sugegstions ?

No not that I am aware of.  I'm not quite sure if I tested your scenario correctly as I may have misunderstood it, but let me explain what I tested and then see if it matches your scenario:

1.  Setup 3 Discover Scans with specific targets (\\server1\share1\, \\server1\share2\, and server1\share3) and had a group of incidents

2. Setup a Discover Scan against the root (\\server1\sharefolder\) which has the 3 folders under it (\\server1\sharefolder\share1, \\server1\sharefolder\share2, \\server1\sharefolder\share3) which had incidents

Upon doing this (step 2) the new incidents were duplicated and didn't match up with the exsiting incidents.

Let me know if i understood this correctly or not.

Jonathan

We had this same problem.  We eventually ended up flagging all the old incidents and basically starting over with a single set of fileshares that encompassed all of our shares.