Data Loss Prevention

 View Only

  • 1.  Lookup for some policies

    Posted Feb 20, 2012 02:19 AM

    Hi,

    I just have a query that if it is possible to have the csv lookup for some particular policy or policy group.

    Because I have a requirement where a response email alert to send to the supervisor of a particular department(policy group in Symantec DLP term) but the other group dont want.

    Would it be possible? Or it will just not find anything with no results for other department.

     

    Also If other department has a different csv file having different columns, then what would be the probable solution to have diffrent csv files lookup?



  • 2.  RE: Lookup for some policies

    Posted Feb 20, 2012 09:25 AM

    Not naitively, I've tried to do this for a client but we were unable to do this in DLP naitively.

    What we are talking about doing/setting up is leveraging the Symantec Workflow solution to handle the routing etc...

    So an email is generated and sent to a custom mailbox that Workflow is watching, the email contains the custom attributes I'm pulling through Active Directory (Department and Company Name), the workflow engine reads this email and then makes the decision where to route the ticket as either an incident in Workflow process manager or just send an email notification to the correct user

     

    Hope this helps and if it is the solution to your question please mark it as such



  • 3.  RE: Lookup for some policies

    Posted Feb 21, 2012 01:39 AM

    Thanks for response jjesse.

    But in my case I want to know the possibility of having two different lookups.

    Like in your case its AD, in my case its AD for one department and csv file for another.

    Regards,

    Yusuf



  • 4.  RE: Lookup for some policies

    Posted Feb 22, 2012 11:33 AM

    Natively to Symatnec DLP it can't be done, it has to be done outside of DLP by some form of workflow or routing engine.  You would populate your attributes from whatever source you have (CSV file, AD, multiple CSV etc) and pass  that information over to the routing/workflow engine of your choice.

     

    So yes it can be done, but not through DLP

     

    Does that make sense?

     

    Jonathan



  • 5.  RE: Lookup for some policies
    Best Answer

    Posted Feb 23, 2012 03:08 PM

    You could chain these lookups (and be more creative with regards to how you do them) to do whatever you want.  For instance, you could do the following with the lookup chain:

    LiveLDAP -> Custom Script -> CSV Lookup

    The LiveLDAP lookup will return a value for the user's "Department" attribute if you define that. 

    Then the script could perform logic that says "if the department = 'A', then make csvlookupkey = sender-email, else make csvlookupkey = null.

    Then if you define the key value in the CSV lookup as the attribute 'csvlookupkey', you would only get a result against that CSV lookup when the user's department was = 'A' (or whatever you wanted to do with that logic in the script).

    In short...it CAN be done with DLP, you just have to know how to do it.  Granted, in much more complex cases it might be better done with Workflow, but this one is pretty easy. 

    ~Keith



  • 6.  RE: Lookup for some policies

    Posted Feb 25, 2012 12:46 AM

    Hi, Thanks everyone.

    Finally I have done this by clubbing of data of two departments in single csv.Luckily for both departments I had different key attribute.SO it worked fine.

    jjesse idea is also fine.

    Keith - Yes, I agree with your approach too.

    May be, in nearby future I can use the ideas of you people too. :-)

    Thanks for all of your help.