Data Loss Prevention

  • 1.  Log removal of incidents

    Posted Mar 16, 2012 01:19 AM

    Hello colleagues,

    Can the Symantec DLP system save a history of when incidents were removed and who removed them?

    Thank you.



  • 2.  RE: Log removal of incidents
    Best Answer

    Trusted Advisor
    Posted Mar 16, 2012 03:19 AM

    Hello,

    This information is available in the audit table in the DLP database.

    But if the incident was completely deleted, you won't be able to know what was inside this specific incident. But the audit table will let you know that:

    - account john.doe with profile ABCDE deleted incident with ID 123456 on March 13th at 12:50:34

    which is a good start if you have some audit issues...



  • 3.  RE: Log removal of incidents

    Posted Mar 16, 2012 08:17 AM

    Hi Artem,

    You can get this information from DLP. Using the audit log table you can find out when the incidents were deleted and by whom.

    There is an SQL script to pull the logs from the audit table.

    -------Vishvajit .



  • 4.  RE: Log removal of incidents

    Posted Mar 16, 2012 03:19 PM

    Thank you for the helpful information!



  • 5.  RE: Log removal of incidents

    Posted Mar 16, 2012 03:22 PM

    Thank you!



  • 6.  RE: Log removal of incidents

    Posted Apr 11, 2012 10:54 AM

    Artem - check out the following discussion on the same topic... sample SQL code included:

    https://www-secure.symantec.com/connect/forums/auditingmonitoring-dlp-administrators-and-users

    Bob.