Data Loss Prevention

 View Only

  • 1.  How to server for incidents (requests) to whitelist sites

    Posted Sep 29, 2016 05:07 PM

    I have a list of sites that for one reason or another had been whitelisted in the past and I need to discover who made the requests. I want to search the DLP incidents for the whitelisted site names, and then maybe check from the requester. 

    Any idea on the best way to accomplish this?

    Thank you for any help.



  • 2.  RE: How to server for incidents (requests) to whitelist sites

    Posted Sep 29, 2016 05:15 PM

    Title should read How to search for incidents (requests) to whitelist sites



  • 3.  RE: How to server for incidents (requests) to whitelist sites
    Best Answer

    Trusted Advisor
    Posted Sep 30, 2016 01:55 AM

    hello,

     you could do a report using "Domain" as a filter which contains list of your whitelisted domain then you will have subset of your incident about these domains.

     

     After that it depends how incident are managed. Usually i always have a specific status to tag incident which are linked to an exception request but if you dont have this, it may be difficult to knwo exactly who was the requester (may be the one who generate last incident linked to these domain). You may also look at the note in these incident, may be there is some information about exception request.

     Regards