Data Loss Prevention

  • 1.  Access DLP through API or powershell script

    Posted Nov 22, 2017 05:00 AM

    Hi,

    From an automation perspective, I need to retrieve DLP real-time data.

    Can you please provide in detail how I can access it, either through an API/web service or PowerShell scripting?



  • 2.  RE: Access DLP through API or powershell script

    Posted Nov 22, 2017 05:25 AM

    Please help.



  • 3.  RE: Access DLP through API or powershell script

    Posted Nov 23, 2017 09:53 AM

    up to this..



  • 4.  RE: Access DLP through API or powershell script

    Posted Nov 24, 2017 07:42 AM

    Hi utkarsh88!

    Most data in the DLP database is encrypted, which makes it difficult to create scripts for data collection.

    Here is the link about DLP database:

    https://support.symantec.com/en_US/article.TECH221293.html
     


    Regards,
    Diego



  • 5.  RE: Access DLP through API or powershell script

    Posted Nov 24, 2017 08:01 AM

    Hi utkarsh88!

    Most data in the DLP database is encrypted, which makes it difficult to create scripts for data collection.

    Here is the link on the DLP database:

    https://support.symantec.com/en_US/article.TECH221293.html

    Regards,
    Diego



  • 6.  RE: Access DLP through API or powershell script

    Trusted Advisor
    Posted Nov 24, 2017 07:10 PM

    Hi,

    It depends on which kind of data you need:

    - Custom plugins (PowerShell, Python, Perl, ...) will allow you to have access to some information when a DLP incident is detected (you will also be able to add some information to the DLP incident).

    - The DLP API will allow you to retrieve some information about incidents at any moment (you just need to have a report which contains your incident), and you will be able to access more information with the API than with custom plugins.

    - If you need real-time information about other parts of DLP (policies, ...), you could always create a script that connects to the DLP UI and then accesses your information, or get it directly from the database (by default only original messages are encrypted, with a key managed by DLP). But if you start fetching information from the database, the next time you upgrade your DLP you may need to update the script too, as it is not supported by Symantec, so they could update the DB schema in any version.

    Regards