Data Loss Prevention


Optimise policy stopping duplication of incidents

  • 1.  Optimise policy stopping duplication of incidents

    Posted Aug 24, 2016 09:44 PM

    Hello,

    I'd like to know if there is a better way of using our credit card detection policy.  Any suggestions please?

    The scenario is that when a staff member sends an email to an external address with a full credit card number, DLP pops up with the endpoint policy and some options, the staff member clicks "Approved" and the message is emailed (with Endpoint incident creation).  Then DLP creates an SMTP incident with the same content, so the event responder is confused because there is one incident under Endpoint and another under Network.

    Personally, I'm OK with how DLP acts in this instance and I must reiterate this isn't a fault per se, but I'd like to consider other ways of configuring the policy(s).

    I have 8 servers running 14.0.0.05018, two are for Network Prevent for Email.
    Endpoint client is version 12.5.0.20035.

    Thank you,

    DanJ



  • 2.  RE: Optimise policy stopping duplication of incidents
    Best Answer

    Posted Aug 25, 2016 11:02 AM

    Hello,

    I wouldn't call it a duplicate incident since the channels are different (protocols, etc.).

    Just throwing out some options:

    • Create a script to eliminate OR resolve such incidents if some criteria are met
    • Do not apply this specific policy to Network channel, only Endpoint
    • Create an automatic response rule to Resolve such incidents in one of the channels
    • Etc.

    Cheers, Morgado


  • 3.  RE: Optimise policy stopping duplication of incidents

    Posted Aug 25, 2016 09:27 PM

    Thanks for the clarification @Morgado. Options are much appreciated!



  • 4.  RE: Optimise policy stopping duplication of incidents

    Posted Aug 26, 2016 11:26 AM

    You're welcome!


  • 5.  RE: Optimise policy stopping duplication of incidents

    Posted Aug 28, 2016 04:53 AM

    I would create a pyscript to delete the irrelevant incidents.
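
An added example, not part of the original thread and not Symantec code: one way the script suggested in replies 2 and 5 could decide which Network incident merely repeats an Endpoint incident the user already approved. The record fields, the matching criteria (same policy, sender and subject, Network detection within five minutes after the Endpoint one) and the sample data are all assumptions constructed for illustration.

```python
from datetime import datetime, timedelta

# Constructed sample export; field names are hypothetical, not a Symantec DLP schema.
INCIDENTS = [
    {"id": 101, "channel": "Endpoint", "policy": "Credit Card", "sender": "a.lee@example.com",
     "subject": "Invoice 7", "detected": datetime(2016, 8, 24, 9, 40, 5), "user_action": "Approved"},
    {"id": 102, "channel": "Network", "policy": "Credit Card", "sender": "A.Lee@example.com",
     "subject": "Invoice 7", "detected": datetime(2016, 8, 24, 9, 40, 31), "user_action": None},
    # Network incident with no Endpoint counterpart (e.g. host without the agent): must stay open.
    {"id": 103, "channel": "Network", "policy": "Credit Card", "sender": "b.ng@example.com",
     "subject": "Card details", "detected": datetime(2016, 8, 24, 10, 2, 0), "user_action": None},
    {"id": 104, "channel": "Endpoint", "policy": "Credit Card", "sender": "c.roy@example.com",
     "subject": "Refund", "detected": datetime(2016, 8, 24, 11, 0, 0), "user_action": "Approved"},
    # Same sender and subject, but 30 minutes later: treated as a separate event.
    {"id": 105, "channel": "Network", "policy": "Credit Card", "sender": "c.roy@example.com",
     "subject": "Refund", "detected": datetime(2016, 8, 24, 11, 30, 0), "user_action": None},
]

def match_key(inc):
    """Fields that must agree for two incidents to describe the same email."""
    return (inc["policy"], inc["sender"].lower(), inc["subject"].strip())

def find_duplicate_pairs(incidents, window=timedelta(minutes=5)):
    """Return (endpoint_id, network_id) pairs; each Network incident is paired at most once."""
    by_time = sorted(incidents, key=lambda i: i["detected"])
    endpoint = [i for i in by_time if i["channel"] == "Endpoint" and i["user_action"] == "Approved"]
    network = [i for i in by_time if i["channel"] == "Network"]
    used, pairs = set(), []
    for ep in endpoint:
        for net in network:
            delay = net["detected"] - ep["detected"]
            if (net["id"] not in used and match_key(net) == match_key(ep)
                    and timedelta(0) <= delay <= window):
                pairs.append((ep["id"], net["id"]))
                used.add(net["id"])
                break
    return pairs

def unmatched_network(incidents, pairs):
    """Network incidents that still need a responder's attention."""
    matched = {net_id for _, net_id in pairs}
    return [i["id"] for i in incidents if i["channel"] == "Network" and i["id"] not in matched]

if __name__ == "__main__":
    pairs = find_duplicate_pairs(INCIDENTS)
    print("candidates to resolve:", pairs)
    print("leave open:", unmatched_network(INCIDENTS, pairs))
```

Pairing by criteria rather than resolving every Network incident keeps incidents such as 103 and 105 visible to the responder.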



  • 6.  RE: Optimise policy stopping duplication of incidents

    Posted Aug 28, 2016 07:13 AM

    Thanks for this.