Monitor Microsoft DLP Integration Run process
-
- UpdatedAug 3, 2023
- 1 minute read
- Vancouver
- Security Operations
Track and monitor the ongoing ingestion process. The integration run processes contains the statistics on how much the data was processed and the integration status.
Role required: sn_dlir.admin.
- In Symantec, the process contains both child and parent integration runs. The parent record indicates the ingestion data and child record indicates the enrichment calls and custom attribute records.
- In Microsoft, there is only parent record ingestion process to be run.
DLP Integration Run Processes: This displays the queue entries, status of queue entries, and fetched records.
The integration run contains the Source for which the integration profile and the integration run record is created, profile polling intervals, ingestion states and substates, incident count which indicates the number of records that are ingested.
- Navigate to .
- Select the integration run from the list.
- Navigate to the DLP Integration Run Process.
- View the queue entry status of the record.
Related Content
- DLP default configuration settings
Define the default configuration settings for Data Loss Prevention Incident Response (DLP IR) incidents to identify and set up the incident notification and incident assignment preferences for your end users.
- Configure end user lookup rules
You can create and configure end user lookup rules and assign the DLP incidents to the respective end users based on those rules.
- Create an assignment rule for your Data Loss Prevention Incident Response incidents
Create and activate the assignment rules. Then, assign the Data Loss Prevention Incident Response (DLP IR) incidents to user groups, end users, managers, or user from incident.
- Create incident consolidation rules
Create incident consolidation rule to consolidate multiple incidents of similar nature under one parent incident.
- Set up the response due date rules for your DLP incidents
Set up the response due date rules to determine the time you want to give your end users to respond to the assigned Data Loss Prevention Incident Response (DLP IR) incidents.
- Configure Approval Rules
Set up approval rules to take approval from various levels of approver users whenever an advanced type of response option is selected.
- Create and manage user instructions template for DLP incidents
Create and manage user instructions template for DLP incidents to help the users understand the instructions involved incident resolution and the next steps involved in the resolution process.
- Create and manage email templates for your DLP incidents
Create and manage the preconfigured email templates for sending notifications to your end users, user groups, or managers. With these templates, you can coach and communicate with your end users about the Data Loss Prevention Incident Response (DLP IR) incidents.
- Create and manage assessments for DLP incidents
Create and manage assessments to enable end users to respond to DLP incidents. You can use the assessments to gather information about the sensitive data exposed or leaked from the DLP incidents.
- Set up incident response option rules for your DLP incidents
Set up the incident response option rules that end user or analyst can use while responding to an incident.
- Configure the age chart for your DLP incidents
Configure the age chart that appears in the Data Loss Prevention Incident Response (DLP IR) Ops portal. This chart shows the count of open incidents by the number of days.
- Configure how end-user actions are delegated
Prevent certain executives in the organization from receiving notifications about the incidents assigned or escalated to them.
- Configure repeat offender identification rules
Configure the repeat offender identification rules to identify users who repeat the same issue multiple times.
- Create custom states for your DLP incidents
Create and configure your own custom states for the DLP IR incidents.
- Create Additional Incident Data Fields
Create your Additional Incident Data Fields for the DLP incidents. You can create different types of Additional Incident Data Fields such as string, number, check box, choice, date and time, and use them in the DLP incident forms.
- Configure advanced settings for Data Loss Prevention Incident Response
Configure the advanced settings so that you can determine the fields on the Incident for identifying the end users, among other capabilities.
- DLP Incident Access Restrictions
Manage the visibility of a particular DLP incident that contains sensitive information. You can use incident access restrictions to define who can access a particular DLP incident and restrict specific users or groups from accessing that incident.
- DLP Incidents Archival
The Data Loss Prevention Incident Response is provisioned with one archival rule in the base system for the DLP incident table. The related records are also added in the base system to the DLP incident archive rule.