Video Screencast Help
Symantec to Separate Into Two Focused, Industry-Leading Technology Companies. Learn more.

Masking/Redacting Information in DLP Incidents and Reports

Created: 10 Oct 2011 | 2 comments

Hello, does anyone know how to mask or hide the sensitive information that shows up in incidents or reports. For example, instead of having the item that matches the policy highlighted in yellow, can I have it obscured in black?

Comments 2 CommentsJump to latest comment

Denis Kattithara's picture

To the best of my knowledge, there is no feature / tweak for this..

Denis John Kattithara

Partner Assist Services

Symantec Corporation 

kishorilal1986's picture

yes Larry,

You can do this but for that you need to change the view attribute settings as per role based.When you create any user account you can define the view/ visibility of specific information realted to incidents. you can hide or unhide the incident data as per user role. in

Manage->User Groups->

Symantec Data Loss Prevention provides role-based access control to govern how users access product features and functionality. For example, a role might let users view reports, but prevent users from creating policies or deleting incidents. Or, a role might let users author policy response rules but not detection rules.

To configure a role

  1. Navigate to the System > User Management > Roles screen.
  2. Click Add Role.

The Configure Role screen appears, displaying the following tabs: General, Incident Access, Policy Management, and Users.

  1. In the General tab:
    • Enter a unique Name for the role. The name field is case-sensitive and is limited to 30 characters. The name you enter should be short and self-describing. Use the Description field to annotate the role name and explain its purpose in more details. The role name and description appear in the Role List screen.
    • In the User Privileges section, you grant user privileges for the role.
    • To restrict viewing access to only certain incident types, select (highlight) the type of incident you want to authorize this role to view. (Hold down the Ctrl key to make multiple selections.) If a role does not allow a user to view part of an incident report, the option is replaced with "Not Authorized" or is blank.