cancel
Showing results for 
Search instead for 
Did you mean: 

Data Insight Symantec DLP link in incidents

ndaniel71
Level 3
Partner Accredited

Hello all,

We are in the middle of a Symantec DLP / Data Insight integration at the moment. Right now we are in early phase 1 data aquisition.

 

Currently I have gone through all the steps to connect/test connections from DLP to DI and import proper certs and such and the test connects are succeeding.

 

However, during review of incidents with the client they noticed the "Go to Data Insight Console"  Clicking on it simply takes you to a browser warning page. I imported the cert into IE but then it only takes us to the Data Insight login page. Within the link there seems to be additional redirect information its trying to pass and the customer says they were told it provides a link to the Filer/File information of that incident. Is this the case? When I do a properties of that link its https://ms240dlpins01.XXXXX.XX/_redirect?filer_name=MS240CORP07&share_name=E%24&path_name=%2FSSCS-MA...

 

If so is there any other additional docs other than the admin guide that step through getting that to work? Attaching a screenshot of where its located.

If its only a link going to the Console login why does it try to pass additional redirect info? I also tried this while logged in and it still only directs to console.

 

Thank you,

Nathan

1 ACCEPTED SOLUTION

Accepted Solutions

Rod_p1
Level 6
Employee Accredited Certified

Hello Nathan:

 

The link within DLP (Data Loss Prevention) is a redirect page to the file within the workspace of the SDI (Symantec DataInsight) console. There is an interim page for security that requires the entry of the login credentials sufficient to access the workspace (assignment of roles is required within  SDI to the userID).

Once the credentials have been entered it is expected that the redirect will take the user directly to the file, which is the archived PST in this case. There are requirements for this to function.

  • the certificate must be compatible on both sides and unaltered from the ones imported when the integration was created
  • the device must be scanned from both the DLP enforce server and the SDI collector
  • the fully qualified path to the location on the device must be identical in both applications. (the device name must either be FQDN or resolvable shortname in both instances)
  • the userID  and password used to resolve to the domain login must be valid
  • the role assigned the userID must allow access to the workspace

SDIRolestable.jpg

 

If you have met all the prerequisites, logged in as a user with appropriate access credentials and still have an existing problem then please open the online help assistance (Upper right link in the console) and enter DLP in the search box to get the steps to ensure the configuration is as you desire.

 

Post your steps and any errors and I can continue to guide you in configuration to allow you to gain access directly to the file you wish to remediate as noted in your incident report from DLP.

Rod

_________________________________________

Please let me know if this resolves your question?

View solution in original post

1 REPLY 1

Rod_p1
Level 6
Employee Accredited Certified

Hello Nathan:

 

The link within DLP (Data Loss Prevention) is a redirect page to the file within the workspace of the SDI (Symantec DataInsight) console. There is an interim page for security that requires the entry of the login credentials sufficient to access the workspace (assignment of roles is required within  SDI to the userID).

Once the credentials have been entered it is expected that the redirect will take the user directly to the file, which is the archived PST in this case. There are requirements for this to function.

  • the certificate must be compatible on both sides and unaltered from the ones imported when the integration was created
  • the device must be scanned from both the DLP enforce server and the SDI collector
  • the fully qualified path to the location on the device must be identical in both applications. (the device name must either be FQDN or resolvable shortname in both instances)
  • the userID  and password used to resolve to the domain login must be valid
  • the role assigned the userID must allow access to the workspace

SDIRolestable.jpg

 

If you have met all the prerequisites, logged in as a user with appropriate access credentials and still have an existing problem then please open the online help assistance (Upper right link in the console) and enter DLP in the search box to get the steps to ensure the configuration is as you desire.

 

Post your steps and any errors and I can continue to guide you in configuration to allow you to gain access directly to the file you wish to remediate as noted in your incident report from DLP.

Rod

_________________________________________

Please let me know if this resolves your question?