Data Loss Prevention

  • 1.  Customised Incident export from Vontu

    Posted Mar 14, 2017 06:50 PM

    Hi,

    Looking for some assistance with exporting incident data from Vontu.

    My requirement is to have a regular weekly/monthly report which feeds into another system, but I do not want to include user-related information in the external system. The external system also accepts the data with columns in a certain order.

    When I export incidents from Vontu - Network or Endpoint, it gives all columns. Is there a way to export only 5 or 10 specific columns?

    Or is there a way to modify a report with needed columns and save it for future use?

    Thanks



  • 2.  RE: Customised Incident export from Vontu

    Trusted Advisor
    Posted Mar 22, 2017 04:15 AM

    Hello,

    You cannot change the CSV export content (even if you masked some values, the corresponding column will be there).

    You may be able to plug your DLP into a syslog server and so send DLP information automatically (but for each incident), or postprocess your CSV export to remove some columns, or use the web service API to get an incident extraction.

    Regards



  • 3.  RE: Customised Incident export from Vontu

    Posted Mar 24, 2017 09:46 AM

    Incident Reporting & Update API, syslog (via response rules applied to the policies) to a SIEM or event correlation tool, or a scheduled email report with the CSV attached to a server that runs a PowerShell/bash script are your only options.
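
The CSV post-processing route suggested in replies 2 and 3, as an added example that is not part of the original thread or the product's own code: it keeps an allowlist of columns in the order the external system expects, so user-related columns are dropped by default. The header names and sample rows are constructed assumptions, not the actual export layout.

```python
import csv
import io

# Hypothetical allowlist, in the order the downstream system expects.
# These header names are constructed for the example; replace them with
# the headers that actually appear in your export.
EXPORT_COLUMNS = ["Incident ID", "Detection Date", "Policy", "Severity", "Status"]


def project_incidents(src, dst, columns=EXPORT_COLUMNS):
    """Copy only `columns`, in that order, from CSV stream src to dst.

    Allowlisting means a column added by a later product version (which may
    carry user data) is dropped by default instead of leaking downstream.
    Returns the number of data rows written.
    """
    reader = csv.DictReader(src)
    header = reader.fieldnames or []
    missing = [c for c in columns if c not in header]
    if missing:
        # Fail closed: a renamed header must not silently produce a
        # misaligned feed for the external system.
        raise ValueError(f"export is missing expected columns: {missing}")
    writer = csv.writer(dst, lineterminator="\n")
    writer.writerow(columns)
    rows = 0
    for record in reader:
        writer.writerow([record[c] for c in columns])
        rows += 1
    return rows


# Constructed sample export (not real product output).
SAMPLE = (
    "Incident ID,Severity,Sender,Policy,Endpoint User,Status,Detection Date\n"
    '1001,High,alice@example.com,"PCI, Card Numbers",CORP\\alice,New,2017-03-20\n'
    "1002,Low,bob@example.com,Source Code,CORP\\bob,Resolved,2017-03-21\n"
)


def demo():
    out = io.StringIO()
    project_incidents(io.StringIO(SAMPLE, newline=""), out)
    return out.getvalue()


if __name__ == "__main__":
    print(demo(), end="")
```

For a scheduled job, open the real export with `newline=""` and `encoding="utf-8-sig"` so quoted multi-line fields and a leading byte-order mark are handled correctly.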



  • 4.  RE: Customised Incident export from Vontu

    Posted Mar 27, 2017 11:12 AM

    DLP also has the IT Analytics reporting system included at no charge (I think it still is).  This will take metadata from the Oracle database and pull it into an MS SQL database that you can then use to create reports, including specific columns, if you'd like.