Forum Discussion

drahrig
10 years ago
Solved

DLP info into DI

Is it possible to get DLP scan result info into the DI environment? My client wants to be able to show someone that not only has their data not been used for over a year, it has confidential data with poor permissions.

  • Hello Dave,

    The SSP (Self-Service Portal) is for the remediation of the incidents captured and is not required to import Symantec DataInsight (SDI) attributes into DLP or the DLP sensitive files list into SDI. You may be thinking of the workflow and remediation, which does require the SSP.

    The two products integrate together via an SSL connection, and the method of creating the connection and the required SDI incident report in DLP are detailed in documents within both products.

    SDI has a daily job that pulls over the previous day's information:

    Name: DlpSensitiveFilesJob
    Description: This job pulls classification information from the configured DLP server and generates tags db per msu
    Default Schedule: Everyday 12 AM
    Node Type: MS only
    Files processed/updated: Generates tags file in outbox for each msu with the format msu<msuId>_<timestamp>_dlp-tags.sqlite
    Comments: Generated tags files will be transferred to respective indexers and will be consumed by next IndexWriterJob

    Reference the list of jobs at http://www.symantec.com/docs/TECH218523

    Interoperability is slightly different between versions as the products morph and add new features. The Admin should always strive to keep the versions current with the latest releases for the newest and most advanced features. The same is true of the Enterprise Vault which is also complementary and houses the repository for the archiving (similar to HSM) of the files from within SDI.

    This is a licensed feature within the DLP product, although most customers are given a grace period to test and confirm the usability for their environment. Please see http://www.symantec.com/docs/TECH220332 if your license has issues.

    Once you have created and configured users, added the proper certificates and configured interoperability for the two products as detailed in the Admin and interoperability guides for the products and considered the many guidelines for configuration (see SDI Technotes, DLP Technotes) or eliminated the typical error of naming an incorrect report, you can move to reporting to demonstrate your desired data using SDI reporting or DQL (DataInsight Query Language). Start in the Data Lifecycle Reports section with data aging and follow the creation procedures we have discussed in a previous post on the buckets and configuration of reports.


    Rod