Integrate Data Loss Prevention with a syslog server

Article ID: 184399

Products

Data Loss Prevention Enforce, Data Loss Prevention, Data Loss Prevention Endpoint Prevent

Issue/Introduction

You need to configure Symantec Data Loss Prevention (DLP) to send data to a syslog server.

Resolution

Refer to the DLP Admin guide for configuration steps for each option below.

  • DLP server events can be sent by configuring the Manager.properties file on the Enforce server.
  • Incident data can also be sent to a syslog server. This process requires creating a response rule and assigning the response rule to various policies.

For specific information on sending incident data to a Splunk syslog server, refer to the Splunk website: https://docs.splunk.com/Documentation/AddOns/released/SymantecDLP/Setup