Finding data users and accesses in incident reports
The Data Insight Lookup Plug-in populates the custom attributes that were defined and mapped during the configuration.
The names of these custom attributes may be different in your configuration. The examples and explanations of possible reports in this section use general names for the custom attributes.
The table "Use cases for reports" shows use cases with suggestions for reports.
| Use case | Description | Reports |
|---|---|---|
| Data owner | File owner information may not reflect the responsible party. The responsible party or data owner can be a line manager in the business unit, the head of a department, or an information security officer. Veritas Data Insight provides information to tie the most active user of a file to a manager or responsible party for remediation steps. | Use the summary reports and filters to determine the incidents of interest. The LDAP Lookup Plug-in, CSV Lookup Plug-in, or a Script Lookup Plug-in can locate the manager or department of the file owner. Use the incident snapshot report to determine the responsible party. Use the Attributes section to view the information from the lookup plug-ins. Use the attributes Lookup option to retrieve the information, if it is not present. |
| Next-best owner identification | The File Owner field may return an unresolvable account for an individual that has left the organization. For example, in Windows Active Directory, every user has an underlying unique identifier that is associated with their account. This identifier is sometimes an unidentifiable string of information. Veritas Data Insight provides information to drop down to the next resolvable account that names an individual. Veritas Data Insight provides several data user fields. | Use the summary reports and filters to determine the incidents of interest. Use the incident snapshot report to determine the File Owner. If that owner is not identifiable, use the Attributes section to determine the next-best owner. The Attributes section contains the information from the Veritas Data Insight Management Server. |
| Data leak investigation | In the event of a data leak, customers want to know who saw a particular file. Symantec Data Loss Prevention incident snapshots provide information to tie the incident back to the Veritas Data Insight Management Server. On the Veritas Data Insight Management Server, you can view detailed information and an audit history of who accessed the data. Additional remediation steps can then be taken to report on those individuals or launch subsequent targeted scans on their assets. | Use the summary reports and filters to determine the incidents of interest. Use the incident snapshot report to view details of an incident. Click the go to Data Insight option in the Incident Details section to view additional details. In the incident snapshot, click the Correlations tab to view a list of the incidents that share attributes with the current incident. |