Create a Data Loss Prevention Response Rule to perform various tasks
Article ID: 172010
Updated On: 11-15-2023
Products
Data Loss Prevention Enforce
Issue/Introduction
Response rules can be added to a policy to take automated action on incidents.
For example, if a policy is violated, a response rule can block the transmission of a file containing sensitive content.
Response rules are created, modified, and managed separately from the policies that use them.
This decoupling makes it possible to update and reuse response rules across policies.
Response rules can be run automatically or can be configured as a Smart Response rule that incident remediators can execute on demand.
Conditions can also be implemented to control how and when automated response rules execute.
Environment
DLP 15.0
Resolution
Implementing response rules
Response rules are defined independently from policies.
You must have response rule authoring privileges to create and manage response rules.
Review the available response rules.
The Manage > Policies > Response Rules screen displays all configured response rules and is the starting point for adding new ones
Click Add Response Rule to define a new response rule
At the New Response Rule screen, select one of the following options:
Automated Response - The system automatically executes the response action as the server evaluates incidents (default option)
Smart Response - An authorized user executes the response action from the Incident Snapshot screen in the Enforce Server administration console
Click Next to configure the response rule.
Enter a response Rule Name and Description
Optionally, define one or more Conditions to dictate when the response rule executes. If no condition is declared, the response rule action always executes when there is a match (assuming that the detection rule is configured the same). Skip this step if you selected the Smart Response rule option
Select and configure one or more Actions. You must define at least one action
Click Save to save the response rule definition
Decide the type of response rule to implement: Smart, Automated, or both
Determine the type of actions you want to implement and any triggering conditions
Understand the order of precedence among response rule actions of different types and of the same type
Integrate the Enforce Server with an external system (if required for the response rule)
Add a new response rule
Configure response rules
To add an automated response rule to a policy
Log on to the Enforce Server administration console with policy authoring privileges
Navigate to the Manage > Policies > Policy List > Configure Policy screen for the policy you want to add a response rule to
Select the response rule you want to add from those available in the drop-down menu
Click Add Response Rule to add the response rule to the policy