0
2.1.8
Xanadu, Washington DC, Vancouver
Allows DLP analyst team to view and manage DLP incidents from multiple sources in a single workspace and provides the ability for end users to view incidents assigned to them, request release of emails quarantined, and submit their response to incidents. This app also allows line managers or compliance teams to review escalated incidents and requests for email release from quarantine and respond to the incidents. DLP admins can define administrative controls to automatically assign incidents, create email templates for communication, manage incident response options, define approval workflow for quarantined email release requests and so on.
- Automatically assign incidents to end users, managers, or DLP analyst groups based on a criteria
- Escalate incidents automatically to managers
- A workspace for end users to review Data Loss Prevention (DLP) incidents assigned to them and respond to the incidents by specifying a remediation action and comments.
- Attach assessments automatically and allow end users to respond to assessments
- Define end user instruction templates to coach/educate end users within the incident response workspace
- Define email templates to send emails (digest or per incident) for incident assignment notification, due date notification, escalation notification etc.
- Define the approver hierarchy, allow end users to request for the release of quarantined emails, and automatically release emails from quarantine post approval.
- A workspace to let managers or other escalation reviewers to review escalated DLP incidents and respond to them appropriately.
- Ability for DLP analysts to view reports on open DLP incidents by severity, policy, top offenders, and so on.
- Ability for DLP analysts team to view, edit, assign, and close DLP incidents across multiple sources such as endpoint, network, and email.
- Ability for DLP analysts to view match content/snippet that violated the DLP policy without storing the sensitive content in ServiceNow.
- Ability for DLP analysts to download the evidence file that violated DLP policy.
- Group incidents from the same user and matching a given criteria in a given period of time under one parent incident.
- Define field-level and record-level restrictions to control who can see what data in DLP incidents.
- Define delegates to handle incident response for executives.
- Define repeat offender rules to automatically identify users violating the same policy multiple times.
New:
- Evidence File Storage:
- Users can now store the evidence files in both ServiceNow and external storage. This enhancement provides the flexibility to manage evidence files, allows the users to choose their preferred storage method. Internal which is the ServiceNow storage offers quick access within the application, while external storage allows the increased capacity and backup options.
- New State: Delete File:
- A new state called Delete File has been introduced.
- Approval Flow:
- An approval flow feature has been added to streamline the processes. This feature now allows a structured approval processes within the application. Users can submit requests that require approvals, by ensuring that important decisions are reviewed and authorized by a designated personnel. This not only enhances the accountability but also improves collaboration and communication between the team members.
- Required plugins and products
- Dependencies
- Properties that need to be created or set to activate the content pack
- Affected business rules
- Affected script includes
- .jar files that need to get uploaded, if applicable