Data Loss Prevention

  • 1.  Incident status history details extraction

    Posted Dec 14, 2018 07:08 AM

    I was trying to create a TAT report for the status of incidents but found that there is no automated report to extract the same. I wanted to know how this can be done using SQL queries or any other method.



  • 2.  RE: Incident status history details extraction

    Posted Dec 15, 2018 02:42 PM
    Just to confirm, TAT is turnaround time?

    Do you have access to the database? Have you worked with any of the DLP tables before?

    You might be able to build something with the Reporting API: Symantec Data Loss Prevention Incident Reporting and Update API Developers Guides https://support.symantec.com/en_US/article.DOC9264.html


  • 3.  RE: Incident status history details extraction

    Trusted Advisor
    Posted Dec 29, 2018 12:43 AM

    hi

    You could access incident history information (which contains all status updates) in two different ways:

    - Reporting API: web services which have a specific method to access history information (first you need to find the interesting incidentIDs, then you request history information for these IDs)

    - XML extract, which could be obtained manually or automatically if you are able to simulate browsing in the DLP UI.

    Accessing information directly in the database is always possible, but Symantec could change the database schema in any version, so you will have to redo your report.

     regards
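
Added example, not part of the thread and not Symantec code: once status-history records have been pulled by either route described above, turnaround time can be computed per incident and per status as below. The row layout `(incident_id, timestamp, status)`, the status names and the `CLOSED` set are assumptions, and the sample rows are constructed.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample rows: (incident_id, timestamp, status_set). Field layout and
# status names are assumptions, not the DLP schema or Reporting API format.
HISTORY = [
    (101, "2018-12-01 09:00:00", "New"),
    (101, "2018-12-03 10:00:00", "Resolved"),
    (101, "2018-12-01 13:30:00", "Investigation"),   # exports may be unordered
    (102, "2018-12-02 08:00:00", "New"),
    (102, "2018-12-02 10:00:00", "Resolved"),
    (102, "2018-12-02 12:00:00", "Investigation"),   # reopened after closure
    (102, "2018-12-02 15:00:00", "Resolved"),
    (103, "2018-12-04 09:00:00", "New"),
    (103, "2018-12-04 11:00:00", "Escalated"),       # still open
]
CLOSED = {"Resolved", "Dismissed"}  # assumption: statuses that stop the clock


def _hours(start, end):
    return (end - start).total_seconds() / 3600


def turnaround(history, closed=CLOSED, now=None):
    """Return {incident_id: {"open", "total_hours", "hours_by_status"}}."""
    events = defaultdict(list)
    for incident_id, ts, status in history:
        events[incident_id].append((datetime.strptime(ts, "%Y-%m-%d %H:%M:%S"), status))
    report = {}
    for incident_id, evs in events.items():
        evs.sort(key=lambda e: e[0])
        by_status = defaultdict(float)
        # Time in a status is the gap until the next status change.
        for (t0, status), (t1, _) in zip(evs, evs[1:]):
            by_status[status] += _hours(t0, t1)
        first_t, (last_t, last_status) = evs[0][0], evs[-1]
        is_open = last_status not in closed
        # Open incidents are measured up to `now`; closed ones up to the final
        # closing event, so a reopen extends the turnaround time.
        end = (now or last_t) if is_open else last_t
        if is_open:
            by_status[last_status] += _hours(last_t, end)
        report[incident_id] = {"open": is_open,
                               "total_hours": _hours(first_t, end),
                               "hours_by_status": dict(by_status)}
    return report


if __name__ == "__main__":
    for iid, row in sorted(turnaround(HISTORY, now=datetime(2018, 12, 4, 17)).items()):
        print(iid, row)
```
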