Chicago (Midwest) Data Loss Prevention User Group

 View Only
  • 1.  Masking/Redacting Information in DLP Incidents and Reports

    Posted Oct 10, 2011 12:02 PM

    Hello, does anyone know how to mask or hide the sensitive information that shows up in incidents or reports. For example, instead of having the item that matches the policy highlighted in yellow, can I have it obscured in black?



  • 2.  RE: Masking/Redacting Information in DLP Incidents and Reports

    Posted Oct 11, 2011 02:34 AM

    To the best of my knowledge, there is no feature / tweak for this..



  • 3.  RE: Masking/Redacting Information in DLP Incidents and Reports

    Posted Mar 16, 2012 10:46 AM

    yes Larry,

    You can do this but for that you need to change the view attribute settings as per role based.When you create any user account you can define the view/ visibility of specific information realted to incidents. you can hide or unhide the incident data as per user role. in

    Manage->User Groups->

    Symantec Data Loss Prevention provides role-based access control to govern how users access product features and functionality. For example, a role might let users view reports, but prevent users from creating policies or deleting incidents. Or, a role might let users author policy response rules but not detection rules.

    To configure a role

    1. Navigate to the System > User Management > Roles screen.
    2. Click Add Role.

    The Configure Role screen appears, displaying the following tabs: General, Incident Access, Policy Management, and Users.

    1. In the General tab:
      • Enter a unique Name for the role. The name field is case-sensitive and is limited to 30 characters. The name you enter should be short and self-describing. Use the Description field to annotate the role name and explain its purpose in more details. The role name and description appear in the Role List screen.
      • In the User Privileges section, you grant user privileges for the role.
      • To restrict viewing access to only certain incident types, select (highlight) the type of incident you want to authorize this role to view. (Hold down the Ctrl key to make multiple selections.) If a role does not allow a user to view part of an incident report, the option is replaced with "Not Authorized" or is blank.