Data Loss Prevention

 View Only

  • 1.  Query regarding Symantec DLP 14.6

    Posted Jul 10, 2017 01:35 PM

    Hi,

     

    I am a bit new to DLP so pardon the noob nature of the questions. I have following two queries related to the product:

     

    1. We have alerts generated for specific users that we know are valid that have to send out data. For instances where we know the activity is valid, is there a way to close these incidents automatically with a comment of the known activity?

     

    1. How to apply a policy only to a specific user group that is created. 

     

    Thanks.



  • 2.  RE: Query regarding Symantec DLP 14.6
    Best Answer

    Trusted Advisor
    Posted Jul 10, 2017 02:49 PM

    Sym_wizard..

    You can NOT automatically do this for a specific valid event. You can create a manually Response rule that will become a button on the screen and make this easier.

    You then have it do multiple things in cluding changing the status and then updating a field in a single click.

    In order to have a policy fire per group, you can either do this based on the username (sender) or create a AD based group.

    Policy > User Groups

    Then apply the policy to that user group (Sender) etc.. 

     

    If you do this then you can create a policy that is ONLY specific to a group of users and setup an Automated Response rule to change the status and update a filed.

    Then create another policy that has the Group if Users as an exception to the rule. Then create any other repsone rule if needed..

     

    Good Luck

    Ronak