Symantec Data Loss Prevention

Version: Symantec DLP 14.5 and Above Version

The Symantec Data Loss Prevention Enforce Server is the central management platform that enables you to define, deploy, and enforce data loss prevention and security policies. The Enforce Server administration console provides a centralized, web-based interface for deploying detection servers, authoring policies, remediating incidents, and managing the system.

Netsurion integrates with Symantec DLP to capture the logs triggered for policy violations by the user. It also helps to visualize the policy violation and audit activities (policy changes, system management) happening on Symantec DLP. It will trigger the alerts whenever the user violates any policies. Reports will give you the details about audit activities and policy violation.

Syslog messages from Symantec DLP can be forwarded to Netsurion Enterprise and based on these logs, alerts and reports can be configured in Netsurion.

Netsurion Data Source Integration for Symantec DLP allows you to monitor the following components: -

  • Security – Policy Violation and Audit Activities.
  • Compliance –  User Login and Logout and Authentication Failures.
  • Operation – Web Activities.

Once Symantec DLP is configured to deliver events to Netsurion Manager; Knowledge objects and reports can be configured into Netsurion .

Some of the Data Source Integrations available in Netsurion are listed below.

Alerts

Type Name Description
Security Symantec DLP - Audit Changes This alert will trigger whenever policy rule updated, policy rule is changed.
Security Symantec DLP - Policy Violation This alert will trigger whenever response rule match with severity as high or severe or critical.
Compliance Symantec DLP - Authentication Failed This alert will trigger whenever Symantec DLP web user authentication fails, and user not found.

Reports

Type Name Description
Security Symantec DLP - Policy Violation This report provides information related to the users and systems that violated the mentioned policy.
Security Symantec DLP - Audit Activities This report provides information related to changed policy, policy updated.
Operations Symantec DLP - Web Activities This report provides information related to the accessing (access log) Symantec DLP detail IP address, web request method, and browser details.
Compliance Symantec DLP – User Login and Logout This report provides information related to the user login, logout and user authenticated.
Compliance Symantec DLP – Authentication Failed This report provides information related to the authentication failed for user and could not find the user.

Documentation

The configuration details in this guide are consistent with Netsurion version 9.x and later, and Symantec DLP 14.5 and above version.

Download Integration guide for more information.