Symantec Data Loss Prevention
Version: Symantec DLP 14.5 and Above Version
The Symantec Data Loss Prevention Enforce Server is the central management platform that enables you to define, deploy, and enforce data loss prevention and security policies. The Enforce Server administration console provides a centralized, web-based interface for deploying detection servers, authoring policies, remediating incidents, and managing the system.
Netsurion Open XDR integrates with Symantec DLP to capture the logs triggered for policy violations by the user. It also helps to visualize the policy violation and audit activities (policy changes, system management) happening on Symantec DLP. It will trigger the alerts whenever the user violates any policies. Reports will give you the details about audit activities and policy violation.
Syslog messages from Symantec DLP can be forwarded to Netsurion Open XDR and based on these logs, alerts and reports can be configured in Netsurion Open XDR.
Netsurion Data Source Integration for Symantec DLP allows you to monitor the following components: –
- Security – Policy Violation and Audit Activities.
- Compliance – User Login and Logout and Authentication Failures.
- Operation – Web Activities.
Once Symantec DLP is configured to deliver events to Netsurion Open XDR Manager; Knowledge objects and reports can be configured into Netsurion Open XDR.
The following are the key Data Source Integration available in Netsurion Open XDR.
Alerts
| Type | Name | Description |
|---|---|---|
| Security | Symantec DLP – Audit Changes | This alert will trigger whenever policy rule updated, policy rule is changed. |
| Security | Symantec DLP – Policy Violation | This alert will trigger whenever response rule match with severity as high or severe or critical. |
| Compliance | Symantec DLP – Authentication Failed | This alert will trigger whenever Symantec DLP web user authentication fails, and user not found. |
Reports
| Type | Name | Description |
|---|---|---|
| Security | Symantec DLP – Policy Violation | This report provides information related to the users and systems that violated the mentioned policy. |
| Security | Symantec DLP – Audit Activities | This report provides information related to changed policy, policy updated. |
| Operations | Symantec DLP – Web Activities | This report provides information related to the accessing (access log) Symantec DLP detail IP address, web request method, and browser details. |
| Compliance | Symantec DLP – User Login and Logout | This report provides information related to the user login, logout and user authenticated. |
| Compliance | Symantec DLP – Authentication Failed | This report provides information related to the authentication failed for user and could not find the user. |
Documentation
The configuration details are consistent with Netsurion Open XDR 9.x and later, and Symantec DLP.
Download Integration Guide for configuration instructions and more information