hi,
it depends which kind of data you need :
- custom plugins (powershell, python, perl,.....) will allow you to have access to some information when a DLP incident is detected (you will also be able to add some information to DLP incident)
- DLP API will allow you to retrieve some information about incident at any moment (you just need to have a report which contains your incident). and you will be able to access more information with API than with custom plugins.
- If you need real time information about other part of DLP (policies,...) you could alwasy create some script that will connect to DLP UI and then access your information, or get them directly from database (by default only original message are encrypted with a key managed by DLP). But if you start fetching information from database, next time you upgrade your DLP you may need to update script too as it i snot supported by symantec so they could update DB schema in any version.
regards