DLP info into DI

drahrig
Level 4
Partner

Is it possible to get DLP scan result info into the DI environment? My client wants to be able to show someone that not only has their data not been used for over a year, it has confidential data with poor permissions.

1 ACCEPTED SOLUTION

Rod_p1
Level 6
Employee Accredited Certified

Hello Dave,

The SSP (SelfService Portal) is for the remediation of the incidents captured and is not required to import Symantec DataInsight (SDI) attributes into DLP or the DLP sensitive files list into SDI. You may be thinking of the workflow and remediation, which does require the SSP.

The two products integrate together via an SSL connection, and the method of creating the connection and required SDI incident report in DLP are detailed in documents within both products.

SDI has a daily job that pulls over the previous day's information -

Name: DlpSensitiveFilesJob

Description: This job pulls classification information from the configured DLP server and generates tags db per msu

Default Schedule: Everyday 12 AM

Node Type: MS only

Files processed/updated: Generates tags file in outbox for each msu with the format msu<msuId>_<timestamp>_dlp-tags.sqlite

Comments: Generated tags files will be transferred to respective indexers and will be consumed by next IndexWriterJob

reference the list of jobs at - http://www.symantec.com/docs/TECH218523

Interoperability is slightly different between versions as the products morph and add new features. The Admin should always strive to keep the versions current with the latest releases for the newest and most advanced features. The same is true of the Enterprise Vault which is also complementary and houses the repository for the archiving (similar to HSM) of the files from within SDI.

This is a licensed feature within the DLP product, although most customers are given a grace period to test and confirm the usability for their environment. Please see http://www.symantec.com/docs/TECH220332 if your license has issues.

Once you have created and configured users, added the proper certificates and configured interoperability for the two products as detailed in the Admin and interoperability guides for the products and considered the many guidelines for configuration (see SDI Technotes, DLP Technotes) or eliminated the typical error of naming an incorrect report, you can move to reporting to demonstrate your desired data using SDI reporting or DQL (DataInsight Query Language). Start in the Data Lifecycle Reports section with data aging and follow the creation procedures we have discussed in a previous post on the buckets and configuration of reports.


Rod

2 REPLIES

drahrig
Level 4
Partner

They do not have a license for the portal.
