Create DLP Incident Remediation workflow options
Prev Creating a workflow using a template Next

Create DLP Incident Remediation workflow options

Use the dialog to create an instance of a Data Loss Prevention (DLP) Incident Remediation workflow. You can view the summary of the options you select in the right-hand panel of the page.

Table: Create DLP Incident Remediation workflow

Option

Description

Workflow Information

Enter information in the following fields:

  • Name - Enter a logical name for the workflow.

  • Description - Enter a short description for the workflow.

  • Workflow Type - Describes the type of workflow.

  • Template - Select the template you want to use for creating the workflow.

    See About workflow templates.

  • Portal Node for Execution - From the drop-down, select the Self-Service Portal node to which you want to submit the workflow.

    Click Test portal connection to test the availability of network connection between the Data Insight Management Server and the Self-Service Portal.

  • Click Test portal connection to test the connection between the SMTP server and the DLP Enforce Server to the Self-Service Portal.

    Enter the email IDs of the recipients of the workflow request, and click Test. You will see a response from the SMTP server if the connection to the Portal node succeeds.

  • Select the start and the end date for completing the workflow.

Data Selection

Do the following:

  1. Select the Physical Hierarchy radio button to view the configured file servers or SharePoint web applications. Or, select the DFS Hierarchy radio button to view the configured DFS paths in a domain.

  2. From the Resource Selection drop-down, select one of the following options:

    • Physical or DFS paths - Select the physical or DFS paths that violate DLP policies.

    • Opens Shares - Select the open shares that need to be remediated.

    • Containers - Select configured containers. Data Insight presents the paths in the containers that violate DLP policies.

    • Policies - Data Insight displays the configured DLP policies. Select a policy to remediate the paths that violate the policy.

    • Enter paths manually - Enter the full path that you want to remediate.

    • Upload CSV - Browse to the location of the .csv file that contains the paths that you want to remediate. Only valid paths in the CSV file are displayed in the Selected Resources pane.

      Note:

      Custodians that are assigned through CSV are applicable only for the workflow. They will not be assigned to paths in Data Insight. To assign a user as a custodian for paths Data Insight, you must explicitly assign them from the Management Console.

    • Select paths having custodians - Data Insight retrieves only the list of paths that have custodian assignments. Select paths from the list.

      You must you run the Data Custodian Summary report to fetch recent custodian assignments.

    The selected data set is listed in the Selected Resources pane.

    Note:

    You can only select paths containing sensitive files if the file classification information is fetched from DLP. If the sensitive file information in your environment is imported into Data Insight using a .csv file, it does not let you select paths for remediation. This is because the Incident Remediation workflow requires a DLP incident ID and severity information for effective remediation. For more information about DLP incidents, see the Symantec Data Loss Prevention Administrator's Guide.

Resource-Custodian Selection

This panel displays the following:

  • The paths that you select under the Data Selection sub-tab.

  • The paths for which custodians are already assigned and those paths for which custodians are not assigned.

  • The email address of the custodian.

    Data Insight displays the email address only if you have added the email custom attribute and have also marked the attribute as email alias when you add the directory service.

For the paths that do not have custodians, you can assign custodians using the following methods:

  1. Click Import Custodian, and select one of the following options:

    • Upload a .csv file with information about paths and corresponding custodians

    • Select a user who is configured in Data Insight as the custodian.

    • Select a Data Insight suggested data owner as the custodian.

    • Select a custom attribute of a Data Insight suggested data owner and assign it as a custodian. For example, you can select the manager of a user who is a suggested data owner as the custodian.

  2. Click Assign Custodian, and select the custodian from the users list.

You can remove custodians from selected paths or delete paths from the workflow. Do the following:

  1. Click Remove Custodian to remove a custodian from a selected path.

  2. Click Delete Paths to remove the selected paths from the workflow.

More Information

About remediation workflows

Creating a workflow using a template

Prev Up Next
Customizing Entitlement Review report output Home Create Ownership Confirmation workflow options