Symantec Data Loss and Prevention (DLP)

With Symantec Data Loss Prevention, you can discover, monitor and protect sensitive data wherever it's used - in the office, on the road, or in the cloud. It gives you complete visibility and control across the broadest range of data loss channels: cloud apps, endpoints, data repositories, and email and web communications.

Integration with LogicHub

Connecting with Symantec DLP

To connect to Symantec DLP, the following details are required:

  • Label: Connection name.
  • Reference Values: Define variables here to templatize integration connections and actions. For example, you can use https://www.{{hostname}}.com, where hostname is a variable defined in this input. For more information on how to add data, see 'Add Data' Input Type for Integrations.
  • URL: URL to your Symantec Data Loss and Prevention (DLP) instance. Example: 'https://localhost:443'
  • Username: Username to log in to the Symantec Data Loss and Prevention (DLP) instance. If you're an AD user, use the format ':<Active_Directory_Domain_In_Upper_Case>' or '<Username>:<Active_Directory_Domain_In_Upper_Case>'.
  • Password: Password to log in to the Symantec Data Loss and Prevention (DLP) instance.

Actions with Symantec DLP

List Incidents

Get a list of incidents by the saved Report ID.

Inputs to this Action:

  • Connection: Choose a connection that you have created
  • Report ID: Column name from the parent table to lookup value for Report ID
  • Start Date (Optional): Specify the column name from the parent table containing the start date. The column value should be in any one of the standard ISO time formats. Example: '2019-10-14T10:49:41.5-03:00'. Default: flow-start-time

Output of Action:
JSON object with the following fields:

  • has_error: True/False
  • error: message/null
  • result: Incident IDs [Array of offences]
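
The following is an added example, not LogicHub or Symantec code: it checks a Start Date value before it is handed to List Incidents and splits the action's output so that a failed report lookup is never read as "no incidents". The function names and sample rows are assumptions made for illustration, and the date check is deliberately stricter than the action itself, accepting only date-times with an explicit UTC offset.

```python
import json
import re
from datetime import datetime, timezone

# ISO 8601 date-time with optional fraction and a mandatory zone designator.
_ISO = re.compile(
    r"^(\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2})(?:\.(\d{1,6}))?(Z|[+-]\d{2}:\d{2})$"
)

def parse_start_date(value):
    """Return a Start Date column value as a timezone-aware UTC datetime.

    The fraction is padded to microseconds so '2019-10-14T10:49:41.5-03:00'
    parses on Python versions whose fromisoformat rejects 1-digit fractions.
    """
    m = _ISO.match(value.strip())
    if not m:
        raise ValueError(f"Start Date lacks ISO 8601 form or UTC offset: {value!r}")
    base, frac, zone = m.groups()
    zone = "+00:00" if zone == "Z" else zone
    text = f"{base}.{(frac or '0').ljust(6, '0')}{zone}"
    return datetime.fromisoformat(text).astimezone(timezone.utc)

def split_results(rows):
    """Split List Incidents output rows into (incident_ids, errors).

    Each row is the documented JSON object: has_error, error, result.
    has_error is accepted as a JSON boolean or as the text 'True'/'False'.
    """
    incident_ids, errors = [], []
    for raw in rows:
        out = json.loads(raw) if isinstance(raw, str) else raw
        failed = str(out.get("has_error")).lower() == "true"
        if failed or out.get("result") is None:
            errors.append(out.get("error") or "result missing without error message")
            continue
        incident_ids.extend(out["result"])
    return incident_ids, errors

# Constructed sample output rows (not real Symantec DLP data).
SAMPLE_ROWS = [
    '{"has_error": false, "error": null, "result": [1001, 1002]}',
    '{"has_error": true, "error": "constructed: report not found", "result": null}',
    '{"has_error": false, "error": null, "result": []}',
]

if __name__ == "__main__":
    print(parse_start_date("2019-10-14T10:49:41.5-03:00").isoformat())
    print(split_results(SAMPLE_ROWS))
```

Rows that land in the error list should be alerted on or retried rather than dropped, since an empty result and a failed query look the same to any downstream step that only counts incident IDs.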

Get Incident Details

Get Incident Details for an Incident ID

Inputs to this Action:

  • Connection: Choose a connection that you have created
  • Incident ID: Column name from the parent table to lookup value for the Incident ID
  • Include Violations (Optional): Yes/No. Indicate whether policy violation data should be returned with the basic incident details. Default 'No'
  • Include History (Optional): Yes/No. Indicate whether incident history information should be returned with the basic incident details. Default 'No'

Output of Action:
JSON object with the following fields:

  • has_error: True/False
  • error: message/null
  • result: Incident Details

Get Incident Binaries

Get Incident Binaries for an Incident ID

Inputs to this Action:

  • Connection: Choose a connection that you have created
  • Incident ID: Column name from the parent table to lookup value for Incident ID
  • Include Original Message (Optional): Yes/No. Indicate whether an original message should be included in the response document. Default 'No'
  • Include All Components (Optional): Yes/No. Indicate whether to include all message components (for example, headers and file attachments) in the response document. Default 'No'

Output of Action:
JSON object with the following fields:

  • has_error: True/False
  • error: message/null
  • result: Binary Details

Update Incidents

Update incident status and/or notes.

Inputs to this Action:

  • Connection: Choose a connection that you have created
  • Incident ID: Column name from the parent table to lookup value for Incident ID
  • Status (Optional): Select one of the defined incident status values, if the status needs to be updated
  • Add Notes (Optional): Jinja-templated string representing a note to update the incident with, if needed

Output of Action:
JSON object with the following fields:

  • has_error: True/False
  • error: message/null
  • result: IncidentResponse object
