Veritas Data Insight User's Guide
- Section I. Introduction
- Introducing Veritas Data Insight
- Using the Veritas Data Insight Management Console
- Section II. Data Insight Workspace
- Navigating the Workspace tab
- Analyzing data using the Workspace views
- Viewing access information for files and folders
- Viewing user activity on files or folders
- About visualizing collaboration on a share
- Viewing access information for users and user groups
- Section III. Data Insight reports
- Using Data Insight reports
- About Data Insight security reports
- Permissions reports
- Permissions Search report
- Creating a Permissions Query Template
- Permissions Query Template actions
- Ownership Reports
- About Data Insight storage reports
- Capacity reports
- Data Lifecycle reports
- Consumption Reports
- About Data Insight custom reports
- Managing reports
- Viewing reports
- Using Data Insight reports
- Section IV. Remediation
- Configuring remediation workflows
- Managing workflow templates
- Creating a workflow using a template
- Managing workflows
- Using the Self-Service Portal
- About the Self-Service Portal
- Managing data
- About managing data using Enterprise Vault and custom scripts
- About adding tags to files, folders, and shares
- Managing permissions
- About recommending permissions changes for inactive users
- Configuring remediation workflows
- Appendix A. Command Line Reference
About remediation workflows
In large storage environments, it can become difficult to assign the responsibility of remediating data resources to data owners and custodians. Security and storage administrators have to manually inform data owners about issues with the resources that they own. Also, it can be tedious to track remediation actions on such resources.
Remediation workflows provide an easy way to fan out remediation tasks among configured custodians and data owners. The custodians are responsible for the data resources and can take a decision about the best way to remediate them. To understand how custodians are assigned in Data Insight, refer to the Veritas Data Insight User's Guide.
You can use workflows to define a process to distribute remediation tasks to custodians. You can create the following workflows for different remediation tasks:
Review the user permissions on the folders that the custodians are responsible for and attest the permissions or suggest changes. The entitlement information for this workflow is generated by the Entitlement Review report.
You can send the change request to a ticketing system or Identity and Access Management (IAM) tool, or use custom scripts to remediate the permissions.
Data Loss Prevention (DLP) Incident Remediation
View policy violations and take action on the files that violate policies. The policy information is pulled into Data Insight from Symantec Data Loss Prevention (DLP). The actions are Smart Response rules defined by DLP administrators. DLP uses the Smart Response rules to remediate the resources that violate configured DLP policies.
Data Insight uses two DLP Web services for incident remediation - the Response Rules Listing Service and the Response Rule Execution Service. The Response Rule Listing Service provides a list of available response rules in DLP, such as delete or quarantine, for a given incident. The Response Rule Execution Service takes the response rule requests submitted by users from the Self-Service Portal and executes them in DLP. By default, the Response Rule Execution Service is disabled. You must enable the service to allow the portal users to remediate incidents.
Data Insight does not let you create an incident remediation workflow for sensitive paths that are imported into Data Insight using a CSV file. This is because the workflow requires data from DLP, such as Smart Response rules and incident IDs and severity information for paths that violate a policy.
For more information about DLP incidents, see the Symantec Data Loss Prevention Administrator's Guide.
Confirm the ownership of files and folders in your storage environment.
Classify the sensitive files that must be retained for a legally mandated period. The workflow helps you classify files based on their business value and manage the life cycle of sensitive documents by applying data management rules to the classified data.
You can choose to archive the files that are marked as record and apply retention categories that define how long the files must be stored before being deleted. The files that are marked as record are retained based on the file classification policies that they violate.
You can use the workflow to trigger automatic actions only if your organization uses Enterprise Vault™ to archive data and if Enterprise Vault is configured in Data Insight.
Creating workflows for the SharePoint Online, Microsoft OneDrive, and Documentum data sources is not supported.
Depending on the type of workflow, the custodian may perform the following actions:
Review the user permissions on folders that the custodian owns and automatically trigger a permission remediation workflow to execute the changes.
To trigger a permission remediation action, you must first configure the permission remediation settings.
DLP Incident Remediation
Choose the configured remediation actions, and submit the same for execution by the DLP Enforce Server.
Confirm the ownership of resources. Once the custodians confirm or deny the ownership, and the workflow is complete, the status summary is displayed in the Data Insight Management Console. A Data Insight administrator may review the status and take further actions based on it.
Mark a file as Record or No record.
When the custodians submit their response and a file marked as Record, Data Insight automatically sends a request to Enterprise Vault™ to archive the document. and apply configured post-processing actions on the document if the following conditions are fulfilled:
Once you submit a workflow from the Data Insight console, the custodians receive an email notification with a link to the Self-Service Portal. They can log in to the portal, choose the necessary remediation actions, and submit the same for execution by the DLP Enforce Server, Enterprise Vault server, or the Data Insight Management Server, depending on the type of workflow.
If you do not have a valid portal license or if your base or portal license has expired, Data Insight disables the option to create workflows.