Data Loss Prevention

 View Only

  • 1.  How can we export particular policy incidents to external drive from Symantec enforce sever periodically

    Posted May 21, 2018 12:41 AM

    Hello All,

    Just wanted to check, if we can achieve the above mentioed functionality in Symantec enforce console or any similar workarounds.  As we need to define certain action based on the incident attributes(violator name, source IP etc.)

    Thank you in advance!!

    Best Regards,

    Nitin



  • 2.  RE: How can we export particular policy incidents to external drive from Symantec enforce sever periodically

    Posted May 21, 2018 03:16 AM

    Hi Kumar,

    Have you checked the link below?

    https://www.symantec.com/connect/forums/export-more-100000-incidents-web-archive-sdlp-145

    Thanks!



  • 3.  RE: How can we export particular policy incidents to external drive from Symantec enforce sever periodically

    Trusted Advisor
    Posted May 21, 2018 02:37 PM

    Kumar,

    The only way to do this is to schedule a Report to be emailed to a set of users.. the confoguration to allow emails to be sent as link or actual reports is in the System > General Settings section

    Though the email will not contain ANY of the matches, but just a report of the basic incident info (Sender, date/time, recipient and policy violation info)

    The other option is to Manually do a Web Archive of a Specific report.. this will publish a Web Based (HTTP) report that is clickable and you can drill down into it as it if you were in the console. Thsi will be published on the Enforce Server in a specific directory. You can make this deirectory shareable and allow people to access those reports.

    The Web Archive will have all of the info, including matches. This is NOT reccomended, on a regular basis, for you are spreading information that you are trying to protect in an unprotected fashion.

     

    Good Luck,

    Ronak

    PLEASE MARKED SOLVED WHEN POSSIBLE.