Data Loss Prevention

  • 1.  What policies are loaded on my detection server?

    Posted Oct 09, 2015 06:40 PM

    Hello DLP fans!

    I wanted to know what is the most efficient way to answer the question "what policies are loaded on a detection server?"

    If you look in the UI under Server Event Detail all we see is "Loaded X policies."

    The server detail page only tells us the policy groups.

    So then you have to look at the policy group to see what policies it contains.

    Then you have to look under Policy List to see which ones are enabled.

    I'm thinking there must be a better way!

    Thanks!

     



  • 2.  RE: What policies are loaded on my detection server?
    Best Answer

    Trusted Advisor
    Posted Oct 11, 2015 08:32 AM

    Hello,

    The DLP UI is not able to provide you this information.

    If you want it, you have to do a SQL request like the following one to the DLP database (v12.5):

    select p.name as policy_name,
           o.name as policygroup_name,
           f.MONITORNAME as monitor_name
    from policy p,
         monitorpolicygroupmapping m,
         policygroup o,
         informationmonitor f
    where p.activestatus = 1
      and p.policygroupid = o.policygroupid
      and m.policygroupid = o.policygroupid
      and m.informationmonitorid = f.informationmonitorid;

    This will give you as a result:

    policy_name    policygroup_name    monitor_name

    It does not take into account policies in the default policy group.

    Regards.
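
    The join in the reply above, run against a stand-in database and grouped per detection server. This is an added example, not code from the thread or from the product: it uses SQLite in memory, the tables hold only the columns the posted query touches, and every row (policy, group and server names) is constructed.

```python
import sqlite3
from collections import defaultdict

# Stand-in schema: table and column names come from the posted query;
# everything else (types, rows) is constructed for illustration.
SCHEMA = """
CREATE TABLE policygroup (policygroupid INTEGER PRIMARY KEY, name TEXT);
CREATE TABLE policy (name TEXT, activestatus INTEGER, policygroupid INTEGER);
CREATE TABLE informationmonitor (informationmonitorid INTEGER PRIMARY KEY, monitorname TEXT);
CREATE TABLE monitorpolicygroupmapping (informationmonitorid INTEGER, policygroupid INTEGER);
INSERT INTO policygroup VALUES (1, 'PCI'), (2, 'HR');
INSERT INTO policy VALUES ('Credit Card Numbers', 1, 1),
                          ('Old PCI Draft', 0, 1),
                          ('Employee Records', 1, 2);
INSERT INTO informationmonitor VALUES (10, 'Network Monitor A'), (11, 'Endpoint Server B');
INSERT INTO monitorpolicygroupmapping VALUES (10, 1), (11, 1), (11, 2);
"""

# Same joins and activestatus filter as the posted query, written with
# explicit JOINs and ordered so rows for one server come out together.
QUERY = """
SELECT f.monitorname AS monitor_name, o.name AS policygroup_name, p.name AS policy_name
FROM policy p
JOIN policygroup o ON p.policygroupid = o.policygroupid
JOIN monitorpolicygroupmapping m ON m.policygroupid = o.policygroupid
JOIN informationmonitor f ON m.informationmonitorid = f.informationmonitorid
WHERE p.activestatus = 1
ORDER BY monitor_name, policygroup_name, policy_name
"""

def policies_by_server(conn):
    """Return {monitor_name: [(policygroup_name, policy_name), ...]}."""
    result = defaultdict(list)
    for monitor, group, policy in conn.execute(QUERY):
        result[monitor].append((group, policy))
    return dict(result)

def demo():
    """Build the constructed database and return the per-server listing."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    return policies_by_server(conn)

if __name__ == "__main__":
    for server, rows in demo().items():
        print(server)
        for group, policy in rows:
            print(f"  {group}: {policy}")
```

    A policy group mapped to two servers produces one row per server, and a policy with activestatus other than 1 drops out of the result.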



  • 3.  RE: What policies are loaded on my detection server?
    Best Answer

    Posted Oct 12, 2015 09:32 AM

    To the best of my knowledge, there seems to be no direct way of looking at the policies applied on a detection server. Database queries are always an option though; however, they don't seem feasible to me simply for policy assignment validation.

    I'm used to creating an excel sheet, which is a direct select, copy & paste of the policies page in Enforce UI.

    Once I get to know which groups are assigned, I would use filters in excel.

    This is exactly not a technical solution to your requirement; however, this is quick & works on an operational basis.



  • 4.  RE: What policies are loaded on my detection server?

    Posted Oct 13, 2015 12:02 PM

    Hello and thanks to all for replying!

    I'm not sure why jjesse marked the database queries as the solution, as this is not a solution for my situation, though querying the database directly is a great idea.
    My employer does not allow ANY development tools to touch the back end database.
    If I want to run a simple query it has to go through checks and balances.

    In my opinion the solution is for Symantec to fix this in the UI. You should be able to quickly know what policies are actually loaded on a detection server without having to look through the logs or "do the math" in the UI via "the foot policy is connected to the leg policy group - the leg policy group is connected to the knee server!"

    I was working on a spreadsheet as leadvue mentioned when I thought, there has got to be a better way.

    Next step is to check out the new reporting API and see if I can get permission to use that in our environment!

    So I would say in my case Leadvue's suggestion of just documenting it in a spreadsheet is an available workaround.

    Thanks again!