Data Loss Prevention

  • 1.  Incident Data Dump from Oracle

    Posted Oct 03, 2013 02:16 PM

    We are looking to get an incident detail dump from the back-end Oracle. Support has said that the only possibility is using the API, but we don't want to spend considerable time doing it. So if anyone has had luck building a SQL query or the like and would like to share it, it would be great.

     

    thanks

    Sachin



  • 2.  RE: Incident Data Dump from Oracle

    Posted Oct 03, 2013 04:40 PM

    The easiest way to do this is through the interface using the XML option. 



  • 3.  RE: Incident Data Dump from Oracle

    Posted Oct 03, 2013 05:10 PM

    Do you mean without using the API? You mean the web archive option? 



  • 4.  RE: Incident Data Dump from Oracle

    Trusted Advisor
    Posted Oct 04, 2013 01:58 AM

    Hi

    Normally it is not (for security reasons) possible to access incident content through a database export. But it depends on which information you really need (message content? attachment? incident notes/history? other?)

    The best way to do it is:

    - a webarchive: it will export into the archive directory on the Enforce server all incident processing information (history, notes, ...) and also the email content (as an eml file and a list of attachments). Just create a report with your incident, and in system/webarchive you can create it. Be sure not to leave it stored on your Enforce server, as all admins can access this directory.

    - an XML export of the incident: not so easy to read if you need to send it like that to an external party.

    - a CSV export: does not contain a lot of information (no message content) but easy to do and to use

    From my knowledge, using the web service API won't allow you to export message content (and it is available only from 11.6).

     

    Regards

     



  • 5.  RE: Incident Data Dump from Oracle

    Posted Oct 04, 2013 03:26 PM

    Thanks Stephanie, the information received via CSV somehow seems limited. It doesn't capture history, notes and also reviewer information and status changes, which can also be used for SLA reporting.

    I was hoping to get all that information in one place. I definitely don't need the actual attachment, but only information on what was triggered in certain cases where keywords are used in policies. It highlights in the incident, but doesn't store that information.

    The web archiving seems to export the actual attachments as well and creates an HTML file. The HTML files are not very handy. I will try to import into Excel and see if that helps though. Mine is currently running.

    I was hoping that someone found a way to query the db and get this.



  • 6.  RE: Incident Data Dump from Oracle

    Posted Oct 04, 2013 04:25 PM

    If you do the same export you did with the CSV and choose the XML option, you will get more of the data. You will get things like what was matched on, etc. This is the easiest way I know of to do this.



  • 7.  RE: Incident Data Dump from Oracle

    Trusted Advisor
    Posted Oct 05, 2013 01:22 AM

    I used to export XML and process it with an external script in order to use the notes and history, because the XML export by itself is not so readable. I use that for SLA, to control that people involved in incident assessment didn't hide or miss a real data leakage, ... But you also have access to the keywords which match your message and generate the incident.

    So if I understand your goal, you need to use the XML export and process it.



  • 8.  RE: Incident Data Dump from Oracle

    Broadcom Employee
    Posted Oct 05, 2013 07:10 AM

    I think you can use Web Archive to dump the incident data.



  • 9.  RE: Incident Data Dump from Oracle

    Posted Oct 07, 2013 01:23 AM

    DLP Incidents stored in the Oracle db are encrypted. These are intentionally encrypted so that information about Data Loss Incidents cannot be stolen/accessed by unauthorized personnel.

    Web archive is a good option, but will not show incident attachments.