Creating and distributing aggregated incident reports to data owners
You can create and automatically distribute aggregated incident reports to data owners for remediation.
An automatic workflow can be set up for the following use cases:
- Automatically or manually set the Data Owner Name and Data Owner Email Address for new incidents.
- Set a custom status value or custom attribute to mark that the Data Owner Name for an incident has been verified. Custom attributes and custom status values can also mark incidents for other workflow steps.
- Set up a recurring email schedule. Reports can be configured to be sent on a recurring schedule, sending only the incidents that have not yet been distributed.
- Mark the incident as sent. After the report is sent, the status attributes and custom attributes can optionally be set, to flag the incidents for the next stage of the workflow.
- Automate the tasks. Lookup plug-in scripts and chained lookup plug-ins can automate the tasks in the workflow sequence.
The following process describes a complex use case that includes the setup tasks, and suggestions to automate some steps in the process.
| Step | Action | Description |
|---|---|---|
| 1 | Install and set up the Veritas Data Insight Management Server. Make sure that the Veritas Data Insight Management Server has access to the files or file systems of interest. | See the following Veritas Data Insight documentation: |
| 2 | Install the Symantec Data Loss Prevention product, including at least one Network Discover Server. | See the Symantec Data Loss Prevention Installation Guide. |
| 3 | Set up the connection between the Enforce Server and the Veritas Data Insight Management Server. | The Data Insight page in the Enforce Server administration console is now accessible to all Network Discover customers without a license file. |
| 4 | Test the connection from the Enforce Server to the Veritas Data Insight Management Server. | |
| 5 | On the Enforce Server, create a custom status value or custom attribute for the Data Owner Name verification, and any workflow status attributes. | |
| 6 | Map the details from the Veritas Data Insight Management Server into the custom attributes that you created. | Edit the properties file for Veritas Data Insight on the Enforce Server, to map the details from the Veritas Data Insight Management Server into the custom attributes that you created. |
| 7 | Map any of the Veritas Data Insight attributes directly into the Data Owner Name field. | To map the Veritas Data Insight data user (the person who uses the file most frequently) to the Data Owner Name, set the Data_User parameter. |
| 8 | Set up all your lookup plug-ins. | For example, you may want to chain the LDAP Lookup Plug-in to take the Data Owner Name and set the Data Owner Email Address as either the data owner or the manager of the data owner. No built-in capability provides consistency between the data owner and email address. This action must be customized. The Data Owner Email Address can have multiple email addresses that are separated with commas. If duplicate attribute names exist between these names and custom attributes, then both fields are updated. |
| 9 | Verify that the Enforce Server general settings are set up to send email notifications. | Set up the SMTP notification settings. Set the option Send report data with emails. |
| 10 | Verify that the incident responder has the privileges to run the reports. | The Remediate Incidents privilege is required to configure and run the reports. The Lookup Attributes privilege is required to set attributes from the lookup plug-ins. The User Privilege CSV Attachment in Email Reports is required to attach the CSV report to the email. |
| 11 | Set up a Network Discover and run a sample scan of the file systems of interest. | |
| 12 | Set up any custom reports. | Set up a filtered report, or set up any report that you want to distribute. For example, you can filter based on the new incidents. Select the option Change Incident Status / Attributes of the reports scheduling to set incident status or attributes when the email is sent. You can also manually set the custom attribute that indicates these incidents were verified. Select any or all incidents in the list. Use the drop-down Incident Actions and select Set Attributes. You can also set a custom status from this drop-down menu. |
| 13 | Save the custom reports and set up a distribution schedule. | |
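
The workflow described above (verify the owner, send only undistributed incidents, mark them as sent) modelled as an added Python example; it is not Symantec code and calls no Data Loss Prevention API. The incident field names and the status values `Owner Verified` and `Report Sent` are assumptions, and the sample incidents are constructed.

```python
from collections import defaultdict

# Constructed sample incidents; field names are assumptions, not the product's schema.
INCIDENTS = [
    {"id": 101, "owner": "A. Rivera", "email": "arivera@example.com", "status": "Owner Verified"},
    {"id": 102, "owner": "A. Rivera", "email": "arivera@example.com, mgr@example.com", "status": "Owner Verified"},
    {"id": 103, "owner": "J. Chen", "email": "", "status": "Owner Verified"},
    {"id": 104, "owner": "J. Chen", "email": "jchen@example.com", "status": "New"},
    {"id": 105, "owner": "P. Osei", "email": "posei@example.com", "status": "Report Sent"},
]

VERIFIED, SENT = "Owner Verified", "Report Sent"  # hypothetical custom status values


def split_recipients(field):
    """Split a comma-separated Data Owner Email Address value, dropping blanks and duplicates."""
    seen, out = set(), []
    for addr in (a.strip().lower() for a in field.split(",")):
        if addr and "@" in addr and addr not in seen:
            seen.add(addr)
            out.append(addr)
    return out


def run_schedule(incidents):
    """One scheduled run: aggregate verified, undistributed incidents per recipient, then mark them sent."""
    reports, held = defaultdict(list), []
    for inc in incidents:
        if inc["status"] != VERIFIED:
            continue  # owner not yet verified, or report already distributed
        recipients = split_recipients(inc["email"])
        if not recipients:
            held.append(inc["id"])  # no deliverable address: leave status unchanged for follow-up
            continue
        for addr in recipients:
            reports[addr].append(inc["id"])
        inc["status"] = SENT  # flag the incident for the next workflow stage
    return dict(reports), held


if __name__ == "__main__":
    print(run_schedule(INCIDENTS))  # first run distributes incidents 101 and 102
    print(run_schedule(INCIDENTS))  # second run sends nothing new; 103 is still held
```

Holding incidents that have no usable address, rather than marking them sent, keeps them visible until the owner-to-email lookup is corrected.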