Data Loss Prevention

Is there a way to export the body of all incidents discovered in an SQL scan to a CSV file?  Currently, I need to click on Incident Snapshot and view the contents of the Body individually to identify data discovered in the scan. 

You can use Web Archive to export all the incidents of the SQL scan to a HTML format.

The steps:

Log into DLP Enforce Console --> System --> Incident Data --> Web Archive

Choose the scan from the list of 'Report to Export':

But, all the incidents will be export as HTML format, not CSV ones.

I started that database scan and selected Scan in Progress in Web Archive.  The results however, are the same as if I ran the discover interactively. 

There is a field in the Body of each incident that I want to export as this is a key field in the database of the application.  I want to be able to do this without having to open each incident.

Thank you for your continued support.

May be you can try to use the Reporting API.

The Reporting API can be used to extract the incident detail.

You can refer to this document firstly: Symantec_DLP_11.1_Reporting_API_Developers_Guide.pdf

Good Luck.

:-)

Hi,

         In the Reporting API, you can export the list of incident into the CSV, but no way to export the incidence body from the it. i thing no option available for export incidence body till now...

Good Luck..........

What's the real meaning of the 'incident body'?

By using Reporting API, you can export already all the details of an incident, please refer to the screenshot below as the Reporting API sample:

The setup and managment of Reporting API sounds beyond my expertise. 

I used SQL Query Analyzer to query the table with the desired fields and filters.