Finding data users and accesses in incident reports

The Data Insight Lookup Plug-in populates the custom attributes that were defined and mapped during the configuration.
The names of these custom attributes may be different in your configuration. General names for the custom attributes are in the examples and explanation of possible reports in this section.
Use cases for reports shows use cases with suggestions for reports.
Use cases for reports
Use case
Description
Reports
Data owner
File owner information may not reflect the responsible party. The responsible party or data owner can be a line manager in the business unit, the head of a department, or an information security officer.
Veritas Data Insight
provides information to tie the most active user of a file to a manager or responsible party for remediation steps.
Use the summary reports and filters to determine the incidents of interest.
The LDAP Lookup Plug-in, CSV Lookup Plug-in, or a Script Lookup Plug-in can locate the manager or department of the file owner.
Use the incident snapshot report to determine the responsible party. Use the
Attributes
section to view the information from the lookup plug-ins. Use the attributes
Lookup
option to retrieve the information, if it is not present.
Next-best owner identification
The
File Owner
field may return an unresolvable account for an individual that has left the organization. For example, in Windows Active Directory, every user has an underlying unique identifier that is associated with their account. This identifier is sometimes an unidentifiable string of information.
Veritas Data Insight
provides information to drop down to the next resolvable account that names an individual.
Veritas Data Insight
provides several data user fields.
Use the summary reports and filters to determine the incidents of interest.
Use the incident snapshot report to determine the
File Owner
. If that owner is not identifiable, use the
Attributes
section to determine the next-best owner. The
Attributes
section contains the information from the
Veritas Data Insight
Management Server.
Data leak investigation
In the event of a data leak, customers want to know who saw a particular file.
Symantec Data Loss Prevention
incident snapshots provide information to tie the incident back to the
Veritas Data Insight
Management Server. On the
Veritas Data Insight
Management Server, you can view detailed information and an audit history of who accessed the data. Additional remediation steps can then be taken to report on those individuals or launch subsequent targeted scans on their assets.
Use the summary reports and filters to determine the incidents of interest.
Use the incident snapshot report to view details of an incident.
Click the
go to Data Insight
option in the
Incident Details
section to view additional details.
In the incident snapshot, click the
Correlations
tab to view a list of the incidents that share attributes with the current incident.