Symantec Data Loss and Prevention (DLP)
Version: 2.0.0
With Symantec Data Loss Prevention, you can discover, monitor and protect sensitive data wherever it's used - in the office, on the road, or in the cloud. It gives you complete visibility and control across the broadest range of data loss channels: cloud apps, endpoints, data repositories, and email and web communications.
Connect Symantec DLP with LogicHub
- Navigate to Automations > Integrations.
- Search for Symantec Data Loss and Prevention.
- Click Details, then the + icon. Enter the required information in the following fields.
- Label: Enter a connection name.
- Reference Values: Define variables here to templatize integration connections and actions. For example, you can use https://www.{{hostname}}.com where, hostname is a variable defined in this input. For more information on how to add data, see 'Add Data' Input Type for Integrations.
- Verify SSL: Select option to verify connecting server's SSL certificate (Default is Verify SSL Certificate).
- Remote Agent: Run this integration using the LogicHub Remote Agent.
- URL: URL to your Symantec Data Loss and Prevention (DLP) instance. Example: 'https://localhost:443'
- Username : Username to login to Symantec Data Loss and Prevention (DLP) instance. If you're an AD user use format ':<Active_Directory_Domain_In_Upper_Case>' or '<Username>:<Active_Directory_Domain_In_Upper_Case>'
- Password: Password to login to Symantec Data Loss and Prevention (DLP) instance.
- After you've entered all the details, click Connect.
Actions for Symantec DLP
List Incidents
Get a list of incidents by the saved Report ID.
Input Field
Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.
| Input Name | Description | Required |
|---|---|---|
| Report ID | Column name from the parent table to lookup value for Report ID. | Required |
| Start Date | Specify column name from parent table containing start date. The column-value should be in any one of the standard ISO time formats. Example: '2019-10-14T10:49:41.5-03:00'. Default: flow-start-time. | Optional |
Output
A JSON object containing multiple rows of result:
- has_error: True/False
- error: message/null
- result: Incident IDs [Array of offences]
Get Incident Details
Get Incident Details for an Incident ID
Input Field
Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.
| Input Name | Description | Required |
|---|---|---|
| Incident ID | Column name from the parent table to lookup value for the Incident ID. | Required |
| Include Violations | Yes/No. Indicate whether policy violation data should be returned with the basic incident details. Default 'No'. | Optional |
| Include History | Yes/No. Indicate whether incident history information should be returned with the basic incident details. Default 'No'. | Optional |
Output
A JSON object containing multiple rows of result:
- has_error: True/False
- error: message/null
- result: Incident Details
Get Incident Binaries
Get Incident Binaries for an Incident ID
Input Field
Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.
| Input Name | Description | Required |
|---|---|---|
| Incident ID | Column name from the parent table to lookup value for Incident ID. | Required |
| Include Original Message | Yes/No. Indicate whether an original message should be included in the response document. Default 'No'. | Optional |
| Include All Components | Yes/No. Indicate whether to include all message components (for example, headers and file attachments) in the response document. Default 'No' | Optional |
Output
A JSON object containing multiple rows of result:
- has_error: True/False
- error: message/null
- result: Binary Details
Update Incidents
Update incident status and/or notes.
Input Field
Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.
| Input Name | Description | Required |
|---|---|---|
| Incident ID | Column name from the parent table to lookup value for Incident ID. | Required |
| Status | Select from one of the defined status value of incident if need to be updated. | Optional |
| Add Notes | Jinja-templated string representing a note to update the incident with, if needed | Optional |
Output
A JSON object containing multiple rows of result:
- has_error: True/False
- error: message/null
- result: IncidentResponse object
Release Notes
v2.0.0- Updated architecture to support IO via filesystem
Updated 6 months ago