Creating and distributing aggregated incident reports to data owners

You can create and automatically distribute aggregated incident reports to data owners for remediation.
An automatic workflow can be set up for the following use cases:
  • Automatically or manually set the Data Owner Name and Data Owner Email Address for new incidents.
  • Set a custom status value or custom attribute to mark that the Data Owner Name for an incident has been verified. Custom attributes and custom status values can also mark incidents for other workflow steps.
  • Set up a recurring email schedule.
    Reports can be configured to be sent on a recurring schedule, sending only the incidents that have not yet been distributed.
  • Mark the incident as sent.
    After the report is sent, the status attributes and custom attributes can optionally be set, to flag the incidents for the next stage of the workflow.
  • Automate the tasks.
    Lookup plug-in scripts and chained lookup plug-ins can automate the tasks in the workflow sequence.
The following process describes a complex use case that includes the setup tasks, and suggestions to automate some steps in the process.
Setting up, creating, and distributing aggregated incident reports to data owners
Step 1
  Action: Install and set up the Veritas Data Insight Management Server.
  Description: Make sure that the Veritas Data Insight Management Server has access to the files or file systems of interest.
    See the following Veritas Data Insight documentation:
      • Veritas Data Insight Installation Guide
      • Veritas Data Insight Administrator's Guide

Step 2
  Action: Install the Symantec Data Loss Prevention product, including at least one Network Discover Server.
  Description: See the Symantec Data Loss Prevention Installation Guide.

Step 3
  Action: Set up the connection between the Enforce Server and the Veritas Data Insight Management Server.
  Description: The Data Insight page in the Enforce Server administration console is now accessible to all Network Discover customers without a license file.

Step 4
  Action: Test the connection from the Enforce Server to the Veritas Data Insight Management Server.

Step 5
  Action: On the Enforce Server, create a custom status value or custom attribute for the Data Owner Name verification, and any workflow status attributes.

Step 6
  Action: Map the details from the Veritas Data Insight Management Server into the custom attributes that you created.
  Description: Edit the properties file for Veritas Data Insight on the Enforce Server, to map the details from the Veritas Data Insight Management Server into the custom attributes that you created.

Step 7
  Action: Map any of the Veritas Data Insight attributes directly into the Data Owner Name field.
  Description: To map the Veritas Data Insight data user (the person who uses the file most frequently) to the Data Owner Name, set the Data_User parameter.

Step 8
  Action: Set up all your lookup plug-ins.
  Description: For example, you may want to chain the LDAP Lookup Plug-in to take the Data Owner Name and set the Data Owner Email Address as either the data owner or the manager of the data owner.
    No built-in capability provides consistency between the data owner and email address. This action must be customized.
    The Data Owner Email Address can have multiple email addresses that are separated with commas.
    If duplicate attribute names exist between these names and custom attributes, then both fields are updated.

Step 9
  Action: Verify that the Enforce Server general settings are set up to send email notifications.
  Description: Set up the SMTP notification settings.
    Set the option Send report data with emails.

Step 10
  Action: Verify that the incident responder has the privileges to run the reports.
  Description: The Remediate Incidents privilege is required to configure and run the reports.
    The Lookup Attributes privilege is required to set attributes from the lookup plug-ins.
    The User Privilege CSV Attachment in Email Reports is required to attach the CSV report to the email.

Step 11
  Action: Set up a Network Discover and run a sample scan of the file systems of interest.

Step 12
  Action: Set up any custom reports.
  Description: Set up a filtered report, or set up any report that you want to distribute. For example, you can filter based on the new incidents.
    Select the option Change Incident Status / Attributes of the reports scheduling to set incident status or attributes when the email is sent.
    You can also manually set the custom attribute that indicates these incidents were verified. Select any or all incidents in the list. Use the drop-down Incident Actions and select Set Attributes. You can also set a custom status from this drop-down menu.

Step 13
  Action: Save the custom reports and set up a distribution schedule.
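
Step 8 states that nothing built in keeps the Data Owner Name and the Data Owner Email Address consistent and that this must be customized. The following Python is an added example, not part of the product documentation or any plug-in API; it shows one way a custom lookup script could derive the comma-separated address list from the owner name so that reports reach only intended recipients. The directory data, the allowed-domain list, and the function names are assumptions, and how attribute values reach the script depends on your lookup plug-in configuration.

```python
import re

# Constructed directory data standing in for what a chained LDAP lookup returns.
DIRECTORY = {
    "jdoe": {"mail": "jdoe@example.com", "manager": "asmith"},
    "asmith": {"mail": "asmith@example.com", "manager": None},
    "vendor1": {"mail": "vendor1@partner.example.net", "manager": "asmith"},
}
ALLOWED_DOMAINS = {"example.com"}  # assumption: only internal recipients get reports
ADDR = re.compile(r"[A-Za-z0-9._%+-]+@([A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)+)")


def clean_addresses(value):
    """Split a comma-separated list; keep unique, well-formed, allowed addresses."""
    kept = []
    for raw in value.split(","):
        addr = raw.strip().lower()
        m = ADDR.fullmatch(addr)  # fullmatch rejects embedded CR/LF or extra text
        if m and m.group(1) in ALLOWED_DOMAINS and addr not in kept:
            kept.append(addr)
    return kept


def resolve_owner_email(attrs, directory=DIRECTORY, use_manager=False):
    """Derive Data Owner Email Address from Data Owner Name (hypothetical helper).

    The stored address list is replaced, not merged, so the two fields agree.
    An owner without an allowed address falls back to the owner's manager.
    """
    out = dict(attrs)
    owner = directory.get((attrs.get("Data Owner Name") or "").strip().lower())
    manager = directory.get(owner["manager"]) if owner and owner["manager"] else None
    first = manager if use_manager else owner
    recipients = clean_addresses(first["mail"]) if first else []
    if not recipients and manager:
        recipients = clean_addresses(manager["mail"])
    out["Data Owner Email Address"] = ",".join(recipients)
    return out


if __name__ == "__main__":
    # Constructed incident attribute sets.
    for incident in (
        {"Data Owner Name": "jdoe", "Data Owner Email Address": "old@example.com"},
        {"Data Owner Name": "vendor1", "Data Owner Email Address": ""},
        {"Data Owner Name": "unknown", "Data Owner Email Address": "x@other.example.org"},
    ):
        print(resolve_owner_email(incident))
```

An empty Data Owner Email Address in the result means no approved recipient was found, which is a useful filter condition for incidents that still need manual owner verification.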