When integrating a Symantec Data Loss Prevention (DLP) data source with Information Centric Analytics (ICA), administrators can choose to enable DLP writeback. When enabled, status changes made in ICA to DLP incidents (Data In Motion, or DIM) are written to the DLP database via API (SOAP or REST, depending on the versions of ICA and DLP involved).

Although there are safeguards in place to prevent a user from unknowingly performing a bulk update operation against a large number of incidents, it is still possible for a user to perform a search in the ICA portal, select all incidents returned by the search and, ignoring a warning that all incidents - not just those displayed - are selected, change the status of all selected incidents. With writeback enabled, ICA then begins the process of writing these changes to the DLP database. Depending upon the number of incidents selected, this process can take anywhere from a few seconds to several hours to complete.

Release : 6.5.x

Component : Symantec DLP Integration Pack

Contact Broadcom support for assistance.