0
2.1.17
Yokohama, Xanadu, Washington DC, Vancouver
Allows DLP analyst team to view and manage DLP incidents from multiple sources in a single workspace and provides the ability for end users to view incidents assigned to them, request release of emails quarantined, and submit their response to incidents. This app also allows line managers or compliance teams to review escalated incidents and requests for email release from quarantine and respond to the incidents. DLP admins can define administrative controls to automatically assign incidents, create email templates for communication, manage incident response options, define approval workflow for quarantined email release requests and so on.
- Automatically assign incidents to end users, managers, or DLP analyst groups based on a criteria
- Escalate incidents automatically to managers
- A workspace for end users to review Data Loss Prevention (DLP) incidents assigned to them and respond to the incidents by specifying a remediation action and comments.
- Attach assessments automatically and allow end users to respond to assessments
- Define end user instruction templates to coach/educate end users within the incident response workspace
- Define email templates to send emails (digest or per incident) for incident assignment notification, due date notification, escalation notification etc.
- Define the approver hierarchy, allow end users to request for the release of quarantined emails, and automatically release emails from quarantine post approval.
- A workspace to let managers or other escalation reviewers to review escalated DLP incidents and respond to them appropriately.
- Ability for DLP analysts to view reports on open DLP incidents by severity, policy, top offenders, and so on.
- Ability for DLP analysts team to view, edit, assign, and close DLP incidents across multiple sources such as endpoint, network, and email.
- Ability for DLP analysts to view match content/snippet that violated the DLP policy without storing the sensitive content in ServiceNow.
- Ability for DLP analysts to download the evidence file that violated DLP policy.
- Group incidents from the same user and matching a given criteria in a given period of time under one parent incident.
- Define field-level and record-level restrictions to control who can see what data in DLP incidents.
- Define delegates to handle incident response for executives.
- Define repeat offender rules to automatically identify users violating the same policy multiple times.
New :
- Implemented Playbook feature in DLP Workspace Evidence File:
- Introduced the Playbook feature in the DLP Workspace to enhance operational efficiency.
- Preview with Download Option:
- Added a preview icon for evidence files in the DLP Workspace. Users can now preview evidence files and download them directly from the preview interface, simplifying evidence review and retrieval.
- Field Renaming in DLP Incident Table:
- Renamed the field 'Custom Fields' to 'Additional Incident Data Fields' in the DLP Incident table to better reflect its purpose and improve clarity for users.
- Improved Incident Consolidation Rules:
- Updated the incident consolidation rules in the DLP module to ensure that the parent incident is always assigned the highest priority among consolidated incidents, enhancing incident management accuracy.
Fixed :
- Added Export button to export incident data from Workspace.
- Fixed duplicate filters created when creating a new list in DLP IR Analyst workspace.
- Closure code option list is showing choices for another table.
- Required plugins and products
- Dependencies
- Properties that need to be created or set to activate the content pack
- Affected business rules
- Affected script includes
- .jar files that need to get uploaded, if applicable