Symantec Data Loss Prevention (DLP) | Splunkbase

My Account

Signup

Support & Services

Search Splunk Documentation Splunk Answers Education & Training User Groups Splunk App Developers Support Portal Contact Us

My Account

Accept License Agreements

This app is provided by a third party and your right to use the app is in accordance with the license provided by that third-party licensor. Splunk is not responsible for any third-party apps and does not provide any warranty or support. If you have any questions, complaints or claims with respect to this app, please contact the licensor directly.

Creative Commons BY 3.0

Splunk Websites Terms and Conditions of Use

I have read the terms and conditions of this license and agree to be bound by them.

I consent to Splunk sharing my contact information with the publisher of this app so I can receive more information about the app directly from the publisher.

Thank You

Downloading Symantec Data Loss Prevention (DLP)

SHA256 checksum (symantec-data-loss-prevention-dlp_10.tgz) 8d4b9dee7f3b5b7332e692f771d3b1d333414bb023facb606697c0a62c4cfbb2

To install your download

For instructions specific to your download, click the Details tab after closing this window.

splunk

Symantec Data Loss Prevention (DLP)

Splunk Cloud

This app has been archived. Learn more about app archiving.

This app is NOT supported by Splunk. Please read about what that means for you here.

Overview

Details

This app will give you a month-to-date Dashboard view of your Symantec Data Loss Prevention (formerly Vontu) incidents.

Screenshot is only a partial view of the visible panels.

This app is configured for an index with the name of "dlp" so you will need to create the appropriate stanza in your inputs.conf file to direct all the traffic to the below port into the correct index.

From the Symantec DLP system, you will need to setup and configure the "Log to a Syslog Server" response rule under Manage > Response Rules.

Host = IP address for the indexer

Port = Listening udp port on the indexer

Message = ID: $INCIDENT_ID$, Policy Violated: $POLICY$, Count: $MATCH_COUNT$, Protocol: $PROTOCOL$, Recipient: $RECIPIENTS$, Sender: $SENDER$, Severity: $SEVERITY$, Subject: $SUBJECT$, Target: $TARGET$, Filename: $FILE_NAME$, Blocked: $BLOCKED$, Endpoint: $ENDPOINT_MACHINE$

Level = 7 - Debugging

The above "Message" will allow this app to work right out of the box. You may add additional output from Symantec as desired. You will just have to add the additional Field Extractions in Splunk for your new queries to work.

Release Notes

Version 1.0

Dec. 13, 2012

1,191

Downloads

Share Subscribe

Version

Built by

ERS of Texas

Support

Not Supported

Questions on Splunk Answers Flag as inappropriate

Compatibility

Products: Splunk Enterprise, Splunk Cloud

Platform: Platform Independent

Licensing

Creative Commons BY 3.0

Category & Contents

Categories: Security, Fraud & Compliance

App Type: App

Subscribe Share

Are you a developer?

As a Splunkbase app developer, you will have access to all Splunk development resources and receive a 10GB license to build an app that will help solve use cases for customers all over the world. Splunkbase has 1000+ apps from Splunk, our partners and our community. Find an app for most any data source and user need, or simply create your own with help from our developer portal.

Submit New Splunk App Dev Resources

Follow Us:

© 2005-2024 Splunk LLC All rights reserved.

Sitemap | Privacy | Website Terms of Use | Splunk Licensing Terms | Export Control | Modern Slavery Statement | Splunk Patents | Report a Problem

Splunk, Splunk>,Turn Data Into Doing, Data-to-Everything, and D2E are trademarks or registered trademarks of Splunk LLC in the United States and other countries. All other brand names,product names,or trademarks belong to their respective owners.