2.3.0
Australia, Zurich, Yokohama, Xanadu
Standalone Application
Allows the DLP analyst team to view and manage DLP incidents from multiple sources in a single workspace, and lets end users view incidents assigned to them, request the release of quarantined emails, and submit their responses to incidents. The app also allows line managers or compliance teams to review escalated incidents and requests for email release from quarantine, and to respond to them. DLP admins can define administrative controls to automatically assign incidents, create email templates for communication, manage incident response options, define the approval workflow for quarantined email release requests, and so on.
- Automatically assign incidents to end users, managers, or DLP analyst groups based on defined criteria.
- Escalate incidents automatically to managers.
- A workspace for end users to review Data Loss Prevention (DLP) incidents assigned to them and respond to the incidents by specifying a remediation action and comments.
- Attach assessments automatically and allow end users to respond to assessments.
- Define end user instruction templates to coach/educate end users within the incident response workspace.
- Define email templates to send emails (digest or per incident) for incident assignment notification, due date notification, escalation notification, etc.
- Define the approver hierarchy, allow end users to request the release of quarantined emails, and automatically release emails from quarantine after approval.
- A workspace that lets managers or other escalation reviewers review escalated DLP incidents and respond to them appropriately.
- Ability for DLP analysts to view reports on open DLP incidents by severity, policy, top offenders, and so on.
- Ability for the DLP analyst team to view, edit, assign, and close DLP incidents across multiple sources such as endpoint, network, and email.
- Ability for DLP analysts to view the match content/snippet that violated the DLP policy without storing the sensitive content in ServiceNow.
- Ability for DLP analysts to download the evidence file that violated the DLP policy.
- Group incidents from the same user that match given criteria within a given period of time under one parent incident.
- Define field-level and record-level restrictions to control who can see what data in DLP incidents.
- Define delegates to handle incident response for executives.
- Define repeat offender rules to automatically identify users violating the same policy multiple times.
Fixed:
- Fixed an issue where the DLP Incident Response End User Workspace displayed an infinite loading spinner instead of rendering the record page for users with ACL-based access but without sn_dlir roles.
- Resolved a security vulnerability in the "Save Custom Fields" Data Broker within the DLP Incident Response integration with Proofpoint, preventing potential ACL bypass.
- Addressed an ACL bypass vulnerability in the "Fetch Archived Incidents Count" Data Broker to ensure proper authorization enforcement.
- Fixed an ACL bypass issue in the "Execute Cancel Approval" Data Broker, improving access control validation and security enforcement.
- Resolved ACL bypass and encoded query injection vulnerabilities in the "Fetch DLP Header" Data Broker, strengthening input validation and access control handling.
- Implemented fixes related to Cobalt Raven Non-Glide Query ACL directives, ensuring proper ACL enforcement for non-Glide query operations.