Video Screencast Help

How to: Searching specific data through incidents

Created: 28 May 2014 | 6 comments
Goltrek's picture

I have a DLP 12 platform with Enforcer + Endpoint agents.

We configured some rules to detect incidents, related to financial data.

We'd like to search across incidents to find any entry that matches with specific data. i.e. "we need to find any incident related to a specific credit card number".

It's possible to get that results only with Enforcer + Endpoint Server + Endpoint Agents?

If yes, can you explain me how to do that?

Thank a lot in advance.


Operating Systems:

Comments 6 CommentsJump to latest comment

AMyers6671's picture


A very similar question was asked here:

You may find it helpful to export incidents out as XML and then search keeping in mind you may create an incident by pulling this data since the sensitive data would be in the clear.


If this post has helped you, please vote up or mark as solution to help others looking for the same data.

Goltrek's picture

Thank you Aaron (AMyers6671) 

Yes, I read that post. I figured maybe there was a more "elegant" solution to do. :)

Does Symantec have any solution for it? (maybe integrating any other product)



jjesse's picture

In the linked thread John Gruhn a Symantec employee mentions that in DLP 12.5 the Incident Reporting API will be updated to allow for searching via a webservice.  I haven't seen any release notes on this yet but am looking forward to this coming out.

DLP 12.5 is supposed to come out in June/July so maybe waiting until then and reading the release notes you will be able to do what you want

Jonathan Jesse Practice Principal ITS Partners

Jim - DLP Support Team's picture

At this time DLP does not have a "Full Context" search of details within incident snapshots.

This has been filed as an Enhancement (PM-104), slated for a future version of DLP.

Jim Martin | Sr. Technical Support Engineer |
Data Loss Prevention, Symantec

Looking for something else?
Chances are you can find it in our Knowledgebase

Symantec Corporati

Danielolima's picture

Hi Friend 

As stated above, this is a request already made ​​for the product - Enhancement (PM-104) but yet we can not use the search in the incidents for a specific data that is not in the summary of the product had the same difficulty in my environment and needed to circumvent using the filter information to improve the search, but still does not meet what we want.