Data Loss Prevention

 View Only

  • 1.  Several DLP Questions

    Posted May 12, 2016 05:44 PM

    Hi everyone,

    1. Is there a listing off all of the evetn codes generated by DLP?

    2. Is there a report that can be generated within DLP to show any changes to policies?

    3. Is there a guide that someone can point me to that will show how to setup manager notification for incidents?

    Appreciate the help on this.

     



  • 2.  RE: Several DLP Questions
    Best Answer

    Trusted Advisor
    Posted May 13, 2016 02:27 AM

    hello

     you should find all your needed information in the administration guide.

    1/ yes in the admin guide.

    2/ you cannot generate a report. but you can set an alert on the corresponding event code (2116) in order to be informed when a policy is changed (dont forget also to set some alert on element used in policy which cul dbe changed to (like IDM, EDM,...)). You may also check AuditLog table in DLP database as all operation are logged in it

    3/ Admin guide.

     Regards.



  • 3.  RE: Several DLP Questions
    Best Answer

    Posted May 13, 2016 10:08 AM

    The IT Analytics reporting tool, included with DLP but it is a separate install, contains a report that shows all the changes to the DLP policies.  See below:IT Alanytics.jpg



  • 4.  RE: Several DLP Questions

    Posted May 13, 2016 04:51 PM

    The audit stuff with IT Analytics is one of my primary use cases around this.  I'm a huge fan of the audit stuff that is exposed in IT Analytics.

    You beat me to this answer :)