Creating an incident based on Symantec Network Prevent header markup
Below is a sample method to handle any sensitive data that Symantec Network Prevent detects. This method requires that you configure both Symantec Network Prevent and Symantec Messaging Gateway.
In this example, Symantec Network Prevent adds a custom header to matching messages. Symantec Messaging Gateway creates an incident for messages with the custom header and holds the messages for review. So messages are not delivered to the original recipient but are instead routed to a content filtering folder on Symantec Messaging Gateway. An administrator can approve, reject, forward, archive, delete, and manage the messages in the content incident folder.
Table: How to create an incident based on Symantec Network Prevent header markup
Configure Symantec Network Prevent to add a custom header to the messages that it detects with sensitive data on the Add/Edit Response Rule screen under Create a Modify SMTP Message response rule. You can add up to three RFC 2822 header lines.
Symantec recommends that you use the header X-Cfilter: with different values depending upon the wanted action on Symantec Messaging Gateway or scan verdict.
For example, you can specify X-Cfilter: Symantec Incident to mark messages for a content incident folder or X-Cfilter: SSN for any messages that contain social security numbers.
In Symantec Messaging Gateway, create a content filtering folder, such as "Symantec Incidents". You may want to enable email notification for the content filtering folder.