How to hide sensitive details in incidents generated on Data Loss Prevention?
search cancel

How to hide sensitive details in incidents generated on Data Loss Prevention?


Article ID: 164636


Updated On:


Data Loss Prevention Enforce


It might be possible that Incident Snapshots of incidents created by Symantec Data Loss Prevention will contain the same sensitive information that have generated the incidents in the first place. For example, this may be credit card details entered on a web site, which then will be viewable for every DLP user looking at the corresponding Incident Snapshot. This may be an undesirable situation and it might be necessary to limit what DLP users can see in the incident details. 


To hide parts of Incident Snapshot, you can use Roles and their Display Attributes settings that control which parts of the incidents are visible for a particular Role. To do this, follow these steps:

  1. Log in to Enforce as a user that has the User Administration rights. 
  2. Go to the System -> Login Management -> Roles submenu.
  3. Select an existing Role that you want to reconfigure, or create a new Role by clicking the Add Role button. 
  4. Scroll down to the section Display Attributes.
  5. Uncheck the incident attributes that you want to hide from all users assigned to the Role. For this scenario, the most useful attributes to hide will be Message Body, Matches, or Original Message.

It's recommended to test unchecking the selected attributes one by one and then verifying whether the incident is now properly hiding the sensitive data.  Which attributes should be unchecked depends on which sensitive information you want to hide from the DLP users. 

To learn more about what each incident attribute represents, refer to either the Enforce online help or the DLP Admin Guide.