Which user permissions are required to enable Information Centric Analytics' (ICA) View DIM Payload button and the writeback of DIM incident status updates to Symantec DLP?
Release : 6.5.4
Component : Symantec DLP Integration Pack
When integrating Symantec DLP with ICA, you are required to provide the username and password of an Enforce user that has been assigned the privileges and rights needed to query DLP's Incident, API, and Download Attachment URLs. Depending upon whether the option DLP Writeback Enabled is true or false, the Incident Update API may need to be granted to a role assigned to that user. At a minimum to enable the View DIM Payload button on DIM Incident Details pages, the following privileges and rights need to be assigned to the Enforce user:
In addition to the minimum privileges highlighted, we recommend enabling the Endpoint, Discover, and Custom attributes privileges.
To enable DLP writeback, the Remediate Incidents privilege needs to be selected under Actions, and the Incident Update privilege needs to be selected under Incident Reporting and Update API.
Please refer to the Symantec Information Centric Analytics 6.5.4 Integration and Solution Accelerator Guide for Symantec DLP for more information about configuring this integration.