You want to understand how Information Centric Analytics (ICA) pulls in and processes policies from Symantec Data Loss Prevention (DLP).

Release : 6.x

Component : Symantec Data Loss Prevention Integration Pack

ICA imports metadata for all policies from each DLP data source during the staging steps of the nightly RiskFabric Processing and RiskFabric Intraday Processing jobs. This includes policies that have been suspended in DLP. After importing these records, it compares them against previously imported policies. Any changes to previously imported policies are merged with extant records. New policies are processed into ICA's core tables and linked to corresponding ICA policies of the same name. If a matching ICA policy did not exist previously, it is created at this time.

ICA policies can have a one-to-many relationship with DLP policies spanning multiple data sources, but imported DLP policies may only have a one-to-one relationship with ICA policies. You may also choose to create an ICA policy and map it to DLP policies manually. Refer to the Configuring Policy Settings section of the Symantec ICA Administrator Guide for more information about this process.