Symantec DLP OverviewResources Applies To: Symantec DLP 14.5 and Above Version Overview The Symantec Data Loss Prevention Enforce Server is the central management platform that enables you to define, deploy, and enforce data loss prevention and security policies. The Enforce Server administration console provides a centralized, web-based interface for deploying detection servers, authoring policies, remediating incidents, and managing the system. EventTracker can integrate with Symantec DLP to capture the logs triggered for policy violations by the user. It also helps to visualize the policy violation and audit activities (policy changes, system management) happening on Symantec DLP. It will trigger the alerts whenever the user violates any policies. Reports will give you the details about audit activities and policy violation. Syslog messages from Symantec DLP can be forwarded to EventTracker Enterprise and based on these logs, alerts and reports can be configured in EventTracker. EventTracker Knowledge Pack for Symantec DLP allows you to monitor the following components: - Security – Policy Violation and Audit Activities. Compliance – User Login and Logout and Authentication Failures. Operation – Web Activities. Previous Next Once Symantec DLP is configured to deliver events to EventTracker Manager; Knowledge objects and reports can be configured into EventTracker. Some of the Knowledge Packs available in EventTracker are listed below. For more information, refer Integration Guide. Security Alerts Symantec DLP: Audit Changes – This alert will trigger whenever policy rule updated, policy rule is changed. Symantec DLP: Policy Violation – This alert will trigger whenever response rule match with severity as high or severe or critical. Reports Symantec DLP – Policy Violation – This report provides information related to the users and systems that violated the mentioned policy. Symantec DLP – Audit Activities – This report provides information related to changed policy, policy updated. Operations Reports Symantec DLP – Web Activities - This report provides information related to the accessing (access log) Symantec DLP detail IP address, web request method, and browser details. Compliance Alerts Symantec DLP: Authentication Failed – This alert will trigger whenever Symantec DLP web user authentication fails, and user not found. Reports Symantec DLP – User Login and Logout - This report provides information related to the user login, logout and user authenticated. Symantec DLP – Authentication Failed -This report provides information related to the authentication failed for user and could not find the user. Scope The configurations detailed in this guide are consistent with EventTracker version 9.x and later, and Symantec DLP 14.5 and above version. Documentation For more information, refer the Symantec DLP Integration guide.