
Modifying DLP IncidentSeverity FlexResponse Plugin

Created: 11 Sep 2013 • Updated: 12 Mar 2014 | 5 comments
This issue has been solved. See solution.

I am trying to develop a FlexResponse plugin for DLP that will trigger on an event, and in that event I will grab the IncidentDetail to get the filename and other parameters I may need, after which I will do some lookups and the like. What I do need help with is figuring out how to update incident details; the primary parameter I need to update is the IncidentSeverity.

The FlexResponse API is very sparse in describing how to do so, and the API documentation mentions classes in the API that I lack (using 11.6).

Simply put, I really just need to grab IncidentDetails and then modify the IncidentSeverity based on parameters of my own choosing.


Lion Shaikh's picture

Hi,

Please clarify once again what exactly you want: do you want to create FlexResponse plugins that will change the severity according to parameters defined by you?

yang_zhang's picture

I think you can configure your response rule to achieve your requirements, rather than use FlexResponse.

You can set the conditions of the response rule to modify the severity of the incidents.

If a forum post solves your problem, please flag it as a solution. If you like an article, blog post or download vote it up.
drst42's picture

I want to be able to change the severity according to my criteria, not according to a Response Rule.

Say I have a repository of files; given that they trigger an incident, I want to reference a CSV for what these files will trigger as (LOW, MEDIUM, HIGH).

The only thing I want to be able to do is update the Incident SeverityLevel, meaning "write" to SeverityLevel rather than read it.

DLP Solutions's picture

Drst42,

The FlexResponse API is something that ALLOWS you to change some things that are part of the Incident itself. Changing the Severity of the incident that is OUTSIDE of the platform will require you to write a custom API, in Java or another program.

I know that you can update the attributes and other fields in the incident, but changing the status might be tougher and not recommended.

What I did before for another customer is to update a custom attribute and NOT the severity. Let the severity be set by the platform and then, based on the FlexResponse API, update another custom attribute field with what you want. That way you can still run reports and search for the new 'tag'.

Your best bet is to look at the Examples that they provide with the FlexResponse API and docs to learn how to do this.

I have done this before, but it requires some really good programming skills.

Hope this makes sense.

If this solves your question, please mark it as solved.

Ronak

Please make sure to mark this as a solution to your problem, when possible.

SOLUTION
drst42's picture

My curiosity was whether there was a piece of the API that would allow me to change the severity and return it back to Enforce; however, I have been doing as you said and returning a custom attribute.

My hope was to be able to avoid the use of an extra attribute in the long term to make our reporting tasks simpler.

I will look into this further to extend the capabilities of the API.

Thanks.