How are incidents persisted to the database in Data Loss Prevention?
Last Updated July 01, 2014
Describe the workflow of incident persistence in Data Loss Prevention
There are a number of different processes involved in the initial detection on a data channel, and it is beyond the scope of this document to address those variations.
After data has been analyzed in memory on a monitor, if a valid violation occurs that needs to be recorded, the original communication is captured and written to the local disk. The incident is then persisted across the network to the manager, which writes the violation to the database. The specific workflow follows:
1. Detection is run against data provided by the content extraction process.
2. If an incident is created, the Incident Writer sends it to the Enforce Server (via the Monitor Controller process on the Enforce Platform).
3. Monitor Controller stores the incident on disk as a file ending in ".idc".
4. Incident Persister reads the persisted incident and transforms it into the data model.
5. Incident Persister runs the response rules against the incident.
6. Incident Persister stores the incident in the database via JDBC.
Imported Document ID: TECH222486