Create DLP Incident Remediation workflow options
Use the dialog to create an instance of a Data Loss Prevention (DLP) Incident Remediation workflow. You can view the summary of the options you select in the right-hand panel of the page.
Creation of DLP Incident Remediation workflows is not supported for the Microsoft OneDrive, SharePoint Online, and Documentum data sources.
Table: Create DLP Incident Remediation workflow
Option | Description |
---|
Workflow Information | Enter information in the following fields: Name - Enter a logical name for the workflow. Description - Enter a short description for the workflow. Workflow Type - Describes the type of workflow. Template - Select the template you want to use for creating the workflow. See About workflow templates. Portal Node for Execution - From the drop-down, select the Self-Service Portal node to which you want to submit the workflow. Click to test the availability of network
connection between the Data Insight Management Server and the Self-Service Portal. Click to test the connection between the SMTP server and the DLP Enforce Server to the Self-Service Portal. Enter the email IDs of the recipients of the workflow request, and click . You will see a response from the SMTP server if the connection to the Portal node succeeds. Select the start and the end date for completing the workflow.
|
Data Selection | Do the following: Select the radio
button to view the configured file
servers or SharePoint web applications.
Or, select the radio
button to view the configured DFS
paths in a domain.
From the Resource Selection drop-down, select one of the following options: Physical or DFS paths - Select the physical or DFS paths that violate DLP policies. Opens Shares - Select the open shares that need to be remediated. Containers - Select configured containers. Data Insight presents the paths in the containers that violate DLP policies. Policies - Data Insight displays the configured DLP policies. Select a policy to remediate the paths that violate the policy. Enter paths manually - Enter the full path that you want to remediate. Upload CSV - Browse to the location of the .csv file that contains the paths that you want to remediate. Only valid
paths in the CSV file are displayed in
the Selected Resources pane. Custodians that are assigned through CSV are applicable only for the workflow. They will not be assigned to paths in Data Insight. To assign a user as a custodian for paths Data Insight, you must explicitly assign them from the Management Console. Select paths having custodians - Data Insight retrieves only the list of paths that have custodian assignments. Select paths from the list. You must you run the Data Custodian Summary report to fetch recent custodian assignments.
The selected data set
is listed in the Selected Resources pane. You can only select paths containing sensitive files if the file classification information is fetched from DLP. If the sensitive file information in your environment is imported into Data Insight using a .csv file, it does not let you select paths for remediation. This is because the Incident Remediation workflow requires a DLP incident ID and severity information for effective remediation. For more information about DLP incidents, see the Symantec Data Loss Prevention Administrator's Guide.
|
Resource-Custodian Selection | This panel displays the following: The paths that you select under the Data Selection sub-tab. The paths for which custodians are already assigned and those paths for which custodians are not assigned. The email address of the custodian. Data Insight displays the email address only if you have added the email custom attribute and have also marked the attribute as email alias when you add the directory service.
For the paths that do not have custodians, you can assign custodians using the following methods: Click , and select one of the following options: Upload a .csv file with information about paths and corresponding custodians Select a user who is configured in Data Insight as the custodian. Select a Data Insight suggested data owner as the custodian. Select a custom attribute of a Data Insight suggested data owner and assign it as a custodian. For example, you can select the manager of a user who is a suggested data owner as the custodian.
Click , and select the custodian from the users list.
You can remove custodians from selected paths or delete paths from the workflow. Do the following: Click to remove a custodian from a selected path. Click to remove the selected paths from the workflow.
|