
Integrate Data Insight with the Enforce Server

Created: 19 Jul 2012 • Updated: 25 Jul 2012 | 16 comments
This issue has been solved. See solution.

New to SYMDLP, and wondering what values to input from the Data Insight mgmt console for the Data Loss Prevention Settings tab.

Host - Got it

Port - I assume 443

Username - ?

Saved Report ID ?

Unfortunately I cannot find any help from the guides or from help.


stumunro's picture

To configure the connection to the Symantec Data Insight Management Server

1. On the Enforce Server, click System > Settings > Data Insight. If Symantec Data Insight is not licensed on the Enforce Server, this menu option does not appear.
2. Click Configure.
3. Enter the Host Name of the Symantec Data Insight Management Server.
4. Enter the Port number of the Symantec Data Insight Management Server. The default is 443.
5. Click Retrieve Certificate. This retrieval sends a request to the specified Symantec Data Insight Management Server to obtain its SSL certificate.
6. View the certificate that is returned from the Symantec Data Insight Management Server, and confirm that it is the correct certificate.
7. Enter the log on information to the Symantec Data Insight Management Server.
  • Select Use Saved Credentials to use a credential that is saved in the credential store. Then enter the name of the saved credential.
  • Select Use These Credentials to enter the credentials here. Enter the Username and Password, and Re-enter Password.
8. To verify the connection to the Symantec Data Insight Management Server, click Test Connection.

 

This is also under the documentation for DLP to be downloaded "data insight implementation" with the software.

Randy Hollaway's picture

I mean from the insight server...I have these steps completed from the Enforce Server

At the Insight server\Settings\Data Loss Prevention there are values.

 

Data Loss Prevention settings
Hostname/IP address of DLP server:

Port:

Username:

Password:

Saved Report ID:

Randy Hollaway's picture

Thanks!!

I've been so focused on the admin and install guides I didn't check the implementation guide.

jjesse's picture

Just following up did you get this all taken care of?  If not please let us know so we can help out :)

Jonathan Jesse Practice Principal ITS Partners

Randy Hollaway's picture

Thanks for the follow up.

No I have not.

I do have the Enforce Server configured with the Insight Server, but not the other way around.

From Data Insight Server\Settings\Data Loss Prevention there are these settings:

Data Loss Prevention settings

Hostname/IP address of DLP server: - No brainer
 
Port: - I assume 443
 
Username: - Can this be an AD user or stored credentials or local Enforce Admin???
 
Password:
 
Saved Report ID: - No clue where this Saved Report ID comes from.

jjesse's picture

The documentation kinda stinks in my opinion... Needs a lot of work.  I think I got it to work via trial and error

 

User has to have access to the reporting API; it's a check-box in the roles, if I remember off the top of my head.  I think I used a non-Windows user name, an internal user name.  Of course I had to create that before enabling AD authentication.

If you run a report (Incidents -> Discover -> All Incidents) it shows an ID in the address bar; you should see a report ID there.

I'm trying to remember; it's been a bit since I've implemented Data Insight for a customer.

 

Hope that helps

Jonathan Jesse Practice Principal ITS Partners

Randy Hollaway's picture

Thanks again, I'm pretty sure I have all my ducks in a row, and did find the Report ID by enabling my status bar in IE.  But still can't get the connection.

I'm going to open a ticket - maybe by tuesday I'll hear from someone..ugh.

jjesse's picture

Sorry I couldn't help better. Would you mind updating this post when you get it all resolved, so we all know what the solution was?

Like I said, it's been a couple of months since I last implemented this and I can't find my notes :(

Jonathan Jesse Practice Principal ITS Partners

Stephen Heider's picture

Hi.

So, just to be sure, you have the following setup:

  • The DLP SSL cert exported from DLP and imported into DI java keystore, as per DI Admin Guide
  • Reporting API role (as depicted in attachment - note that the type of incident data to view is indicated, Network, Endpoint, etc - but I am pretty sure this needs to include Discover)
  • Also, not in screenshot, but ensure "Folder Risk Reporting" at bottom of view is also ticked for the above Role
  • A DLP user to which that role is assigned
  • If AD authentication is enabled for DLP, the domain will need to be part of the credentials

If above still cannot connect, I would expect there is an equivalent to Tomcat logging on DI to review errors?

Have you confirmed that you can login to the DLP console directly with the credentials you are using? If not, I don't believe the Reporting login will succeed.

Note that provided the user exists in DLP - a login to the DLP console will usually succeed, even if the role has incorrect privileges. But once logged in the expected rights won't allow the user to do everything.

Hope that helps!

--Stephen

 

Reporting_API_role.JPG
Randy Hollaway's picture

Thanks for helping...

I did import the cert, checked reporting api, have folder risk reporting checked, assigned the role, can login with account, AD auth is enabled and using the domainname\user id.

port is 443?

when I test connection it quickly comes back with:

Failed to retrieve data from Data Loss Prevention Server. Check whether the Host Details, Credentials and Saved Report ID are correct
 
For hostname/IP address of the DLP Server I have servername.domainname.com
Port: 443
username: domainname\username
password:
Saved Report ID: 9
Stephen Heider's picture

Is Enforce box on Linux? If so, try 8443.

Also, just found a KB about DI servername vs. IP - if servername is on Certificate, but IP is what DLP has entered for DI, you will get connection failure.

Not sure whether the below is the DLP => DI or the DI => DLP connection, but here's what I found in our internal (DRAFT) knowledgebase:

 

DI (Data Insight) fails to connect to DLP. IP or DNS name must match

Applies To
 
  • Enforce 11.0
  • Vontu Enforce Enforce

 

Problem Summary
 
  When configuring Data Insight (DI) to communicate with DLP, the connection fails.  After successfully importing the certificate, a generic connection error message was thrown when providing DI’s username and password. 

 

Solution
 
  Data Insight's certificate was generated with the machine’s name. The Data Identifier’s server IP address was entered into DLP.  The CN of the certificate containing a name did not match with the IP provided.  Using IPs or DNS names on both will work correctly.

 

 

 

Not sure about beyond that, but do confirm your versions are compatible:

  • DI 2.0 is supported with DLP 11.0, 11.1, 11.5
  • DI 2.5 and 3.0 are supported only with DLP 11.5/11.6
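
Added example, not part of the original thread or of any Symantec code: a Python check of the name/IP mismatch the draft KB article above describes, run before entering a host value in either product. It assumes the certificate is available as the dict returned by Python's `ssl.SSLSocket.getpeercert()` and that the verifier prefers subjectAltName entries over the CN; the host names and addresses are constructed placeholders.

```python
import ipaddress

# Constructed sample certificates in the dict format returned by Python's
# ssl.SSLSocket.getpeercert(); names and addresses are placeholders.
NAME_ONLY_CERT = {"subject": ((("commonName", "di01.example.com"),),)}
SAN_CERT = {
    "subject": ((("commonName", "di01.example.com"),),),
    "subjectAltName": (("DNS", "*.example.com"), ("IP Address", "192.0.2.10")),
}

def _is_ip(value):
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return False

def _dns_match(pattern, host):
    """Case-insensitive; '*' may only stand for the whole left-most label."""
    p, h = pattern.lower().rstrip("."), host.lower().rstrip(".")
    if p.startswith("*."):
        return "." in h and h.split(".", 1)[1] == p[2:]
    return p == h

def check_configured_host(cert, configured):
    """Return (ok, reason) for the host value typed into the settings page."""
    sans = cert.get("subjectAltName", ())
    dns_names = [v for k, v in sans if k == "DNS"]
    ip_names = [v for k, v in sans if k == "IP Address"]
    cns = [v for rdn in cert.get("subject", ()) for k, v in rdn if k == "commonName"]
    names = dns_names or cns  # assumption: CN is only a fallback when no DNS SAN exists
    if _is_ip(configured):
        want = ipaddress.ip_address(configured)
        if any(_is_ip(v) and ipaddress.ip_address(v) == want for v in ip_names):
            return True, "IP address is listed in subjectAltName"
        return False, f"IP configured, but the certificate only names {names}"
    for name in names:
        if _dns_match(name, configured):
            return True, f"matches certificate name {name}"
    return False, f"{configured!r} is not among the certificate names {names}"

if __name__ == "__main__":
    for cert, host in [(NAME_ONLY_CERT, "192.0.2.10"), (NAME_ONLY_CERT, "di01"),
                       (NAME_ONLY_CERT, "DI01.example.com"), (SAN_CERT, "192.0.2.10")]:
        print(host, check_configured_host(cert, host))
```

The first two sample calls fail for the reason the KB gives: a certificate issued to a machine name does not cover an IP address or a short name entered on the other side.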

 

 

Randy Hollaway's picture

Thanks for helping...

I am using hostname, and have since opened a case. The TSE has confirmed it "should" be working..and we've tried several variations of credentials...he's going through the logs now.

DLP Solutions's picture

In order to get this to work you still need to import the DLP certificate into the DI server. The conversation is a 2 way street. You have already pulled the DI certificate to DLP (mentioned in previous post), now you need to do the same for DI.

Without this the connection will not work..

This process is outlined on page 40 of the Admin Guide. I have attached the portion of the document you should need.

You will need to download the DLP certificate and then import it into the Data Insight server using the keytool program.

Hope that helps.

P.S. You should try and do all of this AFTER you have generated your own SSL certs for both the DLP and DI servers. If you are going to do that.

Attachment: Data Insight Certificate.pdf (468.43 KB)

Please make sure to mark this as a solution to your problem, when possible.

 

Randy Hollaway's picture

Thanks for the response and attachment, I have imported the .cer from the dlp server to the di server using keytool.  In fact the TSE had me delete and re-import with the same results.

 

to your PS statement....are you saying this will only work after I've created my own SSL certs?

 

Randy Hollaway's picture

With SymSupport we determined SDI  wanted the Enforce local admin credentials.

SOLUTION