Data Loss Prevention

 View Only

  • 1.  Incidents duplicate in DLP

    Posted Jul 30, 2013 08:14 AM

    Hello, this my first post. Tks!

    I need help in the following case:

    I have an environment running DLP 11.6 and some incidents are being duplicated in the Network Monitor.

    Can someone please help me with this issue?

    Thank you.

    Rrosa.



  • 2.  RE: Incidents duplicate in DLP

    Trusted Advisor
    Posted Jul 30, 2013 10:21 AM

    hello

     do you have only one network monitor ? do you have only one policy ?

    depending on your architecture it can happens than :

    - Each network monitor raise an incident

    - One mail matches more than one policy. So you will have as many incident as matching policies.

     

     regards



  • 3.  RE: Incidents duplicate in DLP

    Broadcom Employee
    Posted Jul 30, 2013 02:14 PM

    Hello,

    It is possible that your Network Admin has improperly configured the SPAN/TAP Port. You may need to do a packet capture and send it to support for analysis. We have a traffic analysis tool that detects traffic anamolies.

    Best,

    Ryan



  • 4.  RE: Incidents duplicate in DLP

    Posted Jul 31, 2013 05:16 AM

    Hi Rrose,

    please chcek whether multiple policy creating incidents on same data/files as there might be duplicate DLP incident are creating diffrent policies as per condition and regular expression.

    you need to add anyof 1 policy in excepetion in incident genration rule.

    e.g like in credit card match rule  and regular expression for account number may generate duplicate incident for same file as per there match rule.



  • 5.  RE: Incidents duplicate in DLP

    Posted Aug 06, 2013 03:03 AM

    I agree with Ryan. It is most likey due to incorrect morrioring or TAP configuration.