Integrate Data Insight with the Enforce Server
Created: 19 Jul 2012 | Updated: 25 Jul 2012 | 16 comments
This issue has been solved. See solution.
New to SYMDLP, and wondering what values to input from the Data Insight mgmt console for the Data Loss Prevention Settings tab.
Host - Got it
Port - I assume 443
Username - ?
Saved Report ID ?
Unfortunately I cannot find any help from the guides or from help.
Discussion Filed Under:
Group Ownership:
Comments 16 Comments • Jump to latest comment
To configure the connection to the Symantec Data Insight Management Server
1 On the Enforce Server, click System > Settings > Data Insight.
If Symantec Data Insight is not licensed on the Enforce Server, this menu
option does not appear.
.
2 Click Configure.
3 Enter the Host Name of the Symantec Data Insight Management Server.
4 Enter the Port number of the Symantec Data Insight Management Server.
The default is 443.
5 Click Retrieve Certificate.
This retrieval sends a request to the specified Symantec Data Insight
Management Server to obtain its SSL certificate.
6 View the certificate that is returned from the Symantec Data Insight
Management Server, and confirm that it is the correct certificate.
7 Enter the log on information to the Symantec Data Insight Management
Server.
Select Use Saved Credentials to use a credential that is saved in the
credential store.
Then enter the name of the saved credential.
Select Use These Credentials to enter the credentials here.
Enter the Username and Password, and Re-enter Password.
8 To verify the connection to the Symantec Data Insight Management Server,
click Test Connection.
this is also under the documentation for DLP to be downloaded "data insight implementation" with the software
I mean from the insight server...I have these steps completed from the Enforce Server
At the Insight server\Setttings\Data Loss Prvention there are values.
Data Loss Prevention settings
Hostname/IP address of DLP server:
Port:
Username:
Password:
Saved Report ID:
Thanks!!
I've been so focused on the admin and install guides I didn't check the implementation guide.
Just following up did you get this all taken care of? If not please let us know so we can help out :)
Jonathan Jesse Practice Principal ITS Partners
Thanks for the follow up.
No I have not.
I do have the Enforce Server configured with the Insight Server, but not the other way around.
From Data Insight Server\Setttings\Data Loss Prenvention there are these settings:
Data Loss Prevention settings
Hostname/IP address of DLP server: - No brainer
Port: - I assume 443
Username: - Can this be an AD user or stored credentials or local Enforce Admin???
Password:
Saved Report ID: - No clue where this Saved Report ID comes from.
The documentation kinda stinks in my opinion... Needs a lot of work. I think I got it to work via trial and error
User has to have access to the reporting api, its a check-box in the roles if I remember off the top of my head. I think I used a non-windows user name, an internal user name. Of course I had to create that before enabling AD authentication
If you run a report (Incidents -> Discvoer -> All Incidents) it shows an ID in the address bar, you should see a report ID there
I'm trying to remember its been a bit since I've implemented Data Insight for a customer
Hope that helps
Jonathan Jesse Practice Principal ITS Partners
Thanks again, I'm pretty sure I have all my ducks in a row, and did find the Report ID by enabling my status bar in IE. But still can't get the connection.
I'm going to open a ticket - maybe by tuesday I'll hear from someone..ugh.
sorry i couldn't help better, would you mind updating this post when you get it all resolved so we all know what was the solution?
Like I said its been a couple of months since I've last implemented this and can't find my notes :(
Jonathan Jesse Practice Principal ITS Partners
Will do, and I appreciate the help.
Hi.
So, just to be sure, you have the following setup:
If above still cannot connect, I would expect there is an equivalent to Tomcat logging on DI to review errors?
Have you confirmed that you can login to the DLP console directly with the credentials you are using? If not, I don't believe the Reporting login will succeed.
Note that provided the user exists in DLP - a login to the DLP console will usually succeed, even if the role has incorrect privileges. But once logged in the expected rights won't allow the user to do everything.
Hope that helps!
--Stephen
Thanks for helping...
I did import the cert, checked reporting api, have folder risk reporting checked, assigned the role, can login with account, AD auth is enabled and using the domainname\user id.
port is 443?
when I test connection it quickly comes back with:
Is Enforce box on Linux? If so, try 8443.
Also, just found a KB about DI servername vs. IP - if servername is on Certificate, but IP is what DLP has entered for DI, you will get connection failure.
Not sure whether the below is the DLP=>DI or the DI => DLP connection, but here's what I found in uor internal (DRAFT) knowledgebase:
DI (Data Insight) fails to connect to DLP. IP or DNS name must match
• Vontu Enforce Enforce
Not sure about beyond that, but do confirm your versions are compatible:
Thanks for helping...
I am using hostname, and have since open a case. The TSE has confirmed it "should" be working..and we've tried several variations of credentials...he's going through the logs now.
In order to get this to work you still need to import the DLP certificate into the DI server. The conversation is a 2 way street. You have already pulled the DI certificate to DLP (mentioned in previous post), now you need to do the same for DI.
Without this the connection will not work..
This process is outlined on page 40 of the Admin Guide. I have attached the portion of the document you should need.
You will need to download the DLP certificate and then import it into the Data Insight server using the keytool program.
Hope that helps.
P.S. You should try and do all of this AFTER you have generated your own SSL certs for both the DLP and DI servers. If you are going to do that.
Please make sure to mark this comment as a solution to your problem, when possible.
Thanks for the response and attachment, I have imported the .cer from the dlp server to the di server using keytool. In fact the TSE had me delete and re-import with the same results.
to your PS statement....are you saying this will only work after I've created my own SSL certs?
With SymSupport we determined SDI wanted the Enforce local admin credentials.
Would you like to reply?
Login or Register to post your comment.