Data Loss Prevention

 View Only

  • 1.  Search for SSN inside of the DLP incidents

    Posted Jan 16, 2013 04:11 PM

    Hello, I was wondering if there was a way that I can search all incidents for a specific SSN.

     

    So basically, I have an SSN and I want to search all of the incidents to date to see if this particular incident popped up. Is there any way to search within the actual match itself within the incident?



  • 2.  RE: Search for SSN inside of the DLP incidents

    Posted Jan 17, 2013 12:45 AM

    off the top of my head no idea... i would probally guess may be ITA

    http://www.symantec.com/business/support/index?page=content&id=DOC5526

     



  • 3.  RE: Search for SSN inside of the DLP incidents

    Posted Jan 17, 2013 12:54 PM

    You could do an XML export with incident violations enabled and then process that resulting file. The resulting file would be huge and depending on how many hits you get it may not be manageable at that size but it would show that prior events occured. if you have someone with decent expereince in putting the XML into a searchable database you could leverage it more.



  • 4.  RE: Search for SSN inside of the DLP incidents

    Posted Feb 16, 2013 09:56 AM

    yes, it has search filter in which u enter specific SSN no and search in attachement or in body.