Data Loss Prevention

  • 1.  Vontu DLP Endpoint Copy File with Python Plugin Flex Response rule

    Posted Oct 02, 2012 03:01 PM

    Hello,

    I have DLP 11.5.  I have been asked to run the endpoint discover on a PC looking for specific content.  If I find the content then I need to copy the entire document(s) back to a local server where I can view the data.  I cannot remove or disturb the original file detected.

    I figure I should be using a Response Rule.  The only action that seems logical would be an Endpoint Flex Response.  But I cannot find an example Python script that would copy a local file from the agent computer over to a server.

    Does anyone have an example Python script or any advice on how I could get the file(s) copied from a PC over to a network server?  I cannot let the end user know I am detecting the files and I cannot use Quarantine because I believe that removes the original file and that would alert the user something is wrong.

    Thanks,

    Scott



  • 2.  RE: Vontu DLP Endpoint Copy File with Python Plugin Flex Response rule
    Best Answer

    Trusted Advisor
    Posted Oct 03, 2012 05:38 PM

    Scott,

    You can do this already in the product. Use the "Limit Incident Data Retention" response rule; you can then check the box to copy the file over to the server.

    All Endpoint Incidents (Including Endpoint Discover Incidents):
    Retain Original Message:



  • 3.  RE: Vontu DLP Endpoint Copy File with Python Plugin Flex Response rule

    Posted Oct 04, 2012 10:46 AM

    Wow.  I think this is working!!!  I would have never figured that out.  Thank you so much.