DLP ServiceNow incident does not list a sender
Article ID: 437905
Updated On:
Products
CASB Securlet SAAS
Issue/Introduction
CloudSOC is setup to ingest data from ServiceNow to generate DLP incidents.
When checking the DLP incident, we see a 'sender' is not defined.
Environment
Symantec Data Loss Prevention
CloudSOC integrated with ServiceNow
Cause
The UserID in ServiceNow does not have a specified email
Resolution
- Check the 'original message' of the DLP incident for the following USER_ID value:
{"name": "client.user.id", "value": ["USER_ID"]} - In ServiceNow, confirm the <USER_ID> has an email defined.
Feedback
Yes
No
Powered by
