Configure a custom Tombstone message with a DLP Enforce server and CASB integration
Last Updated May 07, 2019
Symantec Data Loss Prevention (DLP) Enforce
By default, the DLP Enforce policy uses a standard Tombstone message when a file is quarantined through the Response Rule action, "Custom Action on Data-at-Rest".
Note: This workaround only applies if you have CASB and your on-premises DLP Enforce Server integrated together with a DLP Cloud Service Connector.
The DLP Enforce Server does not yet offer a built-in way to customize the Tombstone message. You can still customize it by using a Custom Payload option with the JSON payload shown below.
Note: Native CASB policy (i.e. Protect) relies on a Response Rule Template that is applied to the Protect policy directly.
How to apply the custom payload to a Response Rule action in a DLP Enforce policy:
1. Log on to the DLP Enforce Server console.
2. Go to Manage, then Policies, and then click Response Rules.
3. Click Add Response Rule.
4. Select Automated Response and then click Next.
5. Name your Response Rule and provide a description (if desired).
6. Under “Conditions”, click Add Condition.
7. In your new Condition, select Incident Type | Is Any Of | Cloud Applications and API Appliance.
8. Under “Actions”, click the drop-down arrow, scroll down to the Cloud Applications and API Appliance (Data-at-Rest) section, and select Custom Action on Data-at-Rest.
9. Click the Add Action button.
10. Paste in the JSON code shown below, and then customize your message.
11. Click Save to finish creating the new Response Rule.
The final step is to apply the new Response Rule with your Custom Action on Data-at-Rest to your desired policies.