cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Grigoriy
Level 9
Report Inappropriate Content
Message 1 of 5

Re-classify DLP incidents, stored in database

Jump to solution

Good day, dear community members.

We have a bunch of DLP incidents in DLP Incident Manager.

Is it possible to re-classify  or to filter this incidents in ePO, using new classification (i.e. using new dictionary with key-words)?

 

#Data Loss Prevention (DLP)

1 Solution

Accepted Solutions
Fademidun
Reliable Contributor
Reliable Contributor
Report Inappropriate Content
Message 4 of 5

Re: Re-classify DLP incidents, stored in database

Jump to solution

Hey, I don't think this is possible, existing incident in incident manager already had time stamp/evidence and rules locked down with the classification, doing this will invalidate the incident and messed up the reporting. Once an incident is generated and recorded in incident manager based on classification, it cannot be amended, to reclassify means you need to generate new incident based on new classifications, you can still use same rule/rule sets. e.g. if your classification is based on IBAN and changed it to PCI, old incident - IBAN cannot be reclassify as - PCI, not possible. Even if you run a report and try to manipulate it, it won't work. I am open to anyone done this before to explain how it's achievable

View solution in original post

4 Replies
Fademidun
Reliable Contributor
Reliable Contributor
Report Inappropriate Content
Message 2 of 5

Re: Re-classify DLP incidents, stored in database

Jump to solution

,

 

Are you referring to existing in Incident manager or new incidents? and to reclassify or filter by new classification, you'll need to probably create New dictionary entry/Classification/New rules sets/New rule

Grigoriy
Level 9
Report Inappropriate Content
Message 3 of 5

Re: Re-classify DLP incidents, stored in database

Jump to solution

Hello

I'm referring to existing events in Incident manager - is it possible to filter existing events by new classification or reclassify them?

Fademidun
Reliable Contributor
Reliable Contributor
Report Inappropriate Content
Message 4 of 5

Re: Re-classify DLP incidents, stored in database

Jump to solution

Hey, I don't think this is possible, existing incident in incident manager already had time stamp/evidence and rules locked down with the classification, doing this will invalidate the incident and messed up the reporting. Once an incident is generated and recorded in incident manager based on classification, it cannot be amended, to reclassify means you need to generate new incident based on new classifications, you can still use same rule/rule sets. e.g. if your classification is based on IBAN and changed it to PCI, old incident - IBAN cannot be reclassify as - PCI, not possible. Even if you run a report and try to manipulate it, it won't work. I am open to anyone done this before to explain how it's achievable

Grigoriy
Level 9
Report Inappropriate Content
Message 5 of 5

Re: Re-classify DLP incidents, stored in database

Jump to solution

Hello,

Thank you!

You Deserve an Award
Don't forget, when your helpful posts earn a kudos or get accepted as a solution you can unlock perks and badges. Those aren't the only badges, either. How many can you collect? Click here to learn more.

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use our Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from product experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by employees.
Join the Community
Join the Community