Data Loss Prevention


Correlation to support incident management workflow

    Posted Jul 01, 2011 06:39 PM

    Hi there,

    I'm working on designing the incident handling workflow and processes. One specific question relates to correlation of multiple incidents, i.e. same user daily / same destination / etc. How can this use case be best represented within the DLP console?

    The incident handler needs to be able to link multiple incidents as one. This one incident can then be updated / reported / escalated to another level. I understand that within DLP you can create a case and assign multiple incidents as one case ID. However, the challenge is how to manage the ID number without integration with a third-party tool? Is there any way the DLP tool can support this?

    Has anyone had experience with correlating DLP incidents and can share?

    K