Data Loss Prevention

  • 1.  Generate an incident on database column only

    Posted Aug 13, 2012 09:58 PM

    Ok, dealing with a slightly unusual use case for Symantec DLP, at least unusual for me... I would like to write a policy or somehow use DLP in a Discover Scan against a group of SQL databases that might have a column in them, for example "Name." What I am seeing in my brief test is that for each row where the column "Login Name" is present, an incident is generated, so if I have 1 million rows, it generates 1 million incidents, reading that each row contains the column name "Login Name".

    So what I would like is that during my Discover scan, when it comes across the "Last Name" column, it sees that it violates my policy, creates an incident and moves on to the next table, reads that it has "First Name" as a column name, and creates an incident, all the way through the database.


    Possible?


    Thanks



  • 2.  RE: Generate an incident on database column only

    Posted Aug 14, 2012 07:53 AM

    Just thinking out loud here, what if you enabled Inventory Scanning for that particular policy? Would that get you what you're looking for?

    Aaron



  • 3.  RE: Generate an incident on database column only

    Posted Aug 14, 2012 10:22 AM

    Aaron,

    From my understanding, each policy would then be evaluated and inventory scanned, and not just my Column Name policy? So I would probably have to create a separate policy group and apply it to the discover target and then run it?

    Just curious, it's been a long time since I ran just an inventory scan.



  • 4.  RE: Generate an incident on database column only

    Posted Aug 14, 2012 10:27 AM

    Right. I would create a policy group just for this and assign it to run for that DB scan. I think that's going to be the easiest way to accomplish it.

    Aaron
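
The difference the thread is about, one incident per row versus one incident per matching column, as an added illustration (not Symantec DLP code and not a description of how its Inventory Scanning is implemented). It builds a small constructed SQLite database, then runs two scan modes over it: a row-level scan that models what the original poster observed (every row in a table that has a matching column produces an incident), and a schema-level scan that only reads the catalog and produces one finding per matching column. The table contents, table names and the "sensitive column name" patterns are all assumptions made up for the example.

```python
import re
import sqlite3

# Constructed sample schema and rows for the example; not real data.
SAMPLE_SCHEMA = [
    ("employees",
     ["id INTEGER", "first_name TEXT", "last_name TEXT", "dept TEXT"],
     [(1, "Ada", "Lovelace", "eng"), (2, "Alan", "Turing", "eng"),
      (3, "Grace", "Hopper", "ops")]),
    ("accounts",
     ["id INTEGER", "login_name TEXT", "created TEXT"],
     [(1, "ada", "2012-01-01"), (2, "alan", "2012-02-01")]),
    ("inventory",
     ["sku TEXT", "qty INTEGER"],
     [("A-1", 10)]),
]

# Hypothetical policy: column names that count as a violation (assumption).
SENSITIVE_COLUMN_PATTERNS = [
    re.compile(r"(first|last)[_ ]?name", re.IGNORECASE),
    re.compile(r"login[_ ]?name", re.IGNORECASE),
]


def build_sample_db():
    """Create an in-memory SQLite database from SAMPLE_SCHEMA."""
    conn = sqlite3.connect(":memory:")
    for table, cols, rows in SAMPLE_SCHEMA:
        conn.execute(f'CREATE TABLE "{table}" ({", ".join(cols)})')
        placeholders = ",".join("?" * len(cols))
        conn.executemany(f'INSERT INTO "{table}" VALUES ({placeholders})', rows)
    conn.commit()
    return conn


def matching_columns(conn):
    """Return (table, column) pairs whose column name matches a policy pattern.

    Only the catalog is read (sqlite_master + PRAGMA table_info), never row data.
    Table names come from the catalog and are quoted as identifiers.
    """
    found = []
    tables = [r[0] for r in conn.execute(
        "SELECT name FROM sqlite_master WHERE type='table' ORDER BY name")]
    for table in tables:
        # PRAGMA table_info rows are (cid, name, type, notnull, dflt_value, pk)
        for _cid, col, *_rest in conn.execute(f'PRAGMA table_info("{table}")'):
            if any(p.search(col) for p in SENSITIVE_COLUMN_PATTERNS):
                found.append((table, col))
    return found


def row_level_scan(conn):
    """Model of the observed behaviour: one incident per row of any table that
    contains a matching column. A million rows gives a million incidents."""
    by_table = {}
    for table, col in matching_columns(conn):
        by_table.setdefault(table, []).append(col)
    incidents = []
    for table, cols in by_table.items():
        for (rowid,) in conn.execute(f'SELECT rowid FROM "{table}"'):
            incidents.append((table, rowid, tuple(cols)))
    return incidents


def schema_level_scan(conn):
    """Desired behaviour: one incident per matching column, then move on to
    the next table without reading its rows."""
    return [(table, col) for table, col in matching_columns(conn)]


if __name__ == "__main__":
    db = build_sample_db()
    print("row-level incidents:   ", len(row_level_scan(db)))
    print("schema-level incidents:", len(schema_level_scan(db)))
    for hit in schema_level_scan(db):
        print("  column hit:", hit)
```

On the constructed data the row-level mode yields five incidents (three employee rows plus two account rows) while the schema-level mode yields three, one per offending column; the gap grows with row count, which is exactly the scaling problem described in the first post.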