Hi,
I am aware that there is an option for Privileged Users, however an Incident is still being raised if a rule is triggered. Is there a way or workaround to prevent Incidents from being raised for certain users and/or groups?
We are currently excluding specific systems from having the DLP Endpoint installed as a workaround, but that is not an ideal solution since the users that we want to exclude do log in to other systems from time to time that have DLP installed.
Many thanks in advance.
Hi,
One way to realize this is to create a Policy Assignment Rule (with an empty or "silent" DLP policy) for systems based on Tags. Within the related Tag, define the Criteria: User Name equals NameOfYourUser.
Make sure that within the Tag definition you have the Evaluation set to "Evaluate on each agent-server communication".
However, the downside is that you have to maintain it user by user. The better way is to create a definition within the DLP Policy Manager. Under "Source / Destination" you will find "End-User Group". Here you are able to create user groups based on Active Directory groups (your LDAP server has to be available under "Registered Servers") and assign them as an exception to your Device Rule (Exceptions > Excluded Users > End-User belongs to one of the end-user groups > then select your recently created group).
With those exceptions you can "disable" DLP functionality for certain users (or groups), no matter which system they log on to.
I hope this works for you!
Thanks for your suggestions. The first option is ideal since we do not have that many users to be added. I am already using system-based policy assignment for DLP policies, which is working great; however, as soon as I try to create a user-based policy assignment, for some reason DLP is not listed under the Product drop-down menu. Is it possible that DLP policies cannot be assigned to users?
The second option is also doable, but it will require updating all existing rules and ensuring that the administrator adds the exclusion group whenever a new rule is created.
That's right, DLP has no user-based policies; you have to choose system-based policies. The recognition of which user is logged on will be triggered within the Tag Criteria:
Now, one problem with this could be that your user (who should not get any DLP block events) logs on and your upcoming agent-to-server communication interval is too far away, let's say, for example, 53 minutes. During those 53 minutes some DLP events may occur and will show up to the user, because the agent has not yet recognized that this special user is logged on.
To avoid that, create an additional Client Task for an Agent Wakeup and assign it like this to your System Tree:
With this Task, at every user logon the system triggers an Agent Wakeup Call, recognizes which user is logged on and pulls the DLP OFF Tag (and policy, because of your Policy Assignment Rule), or automatically deletes it when a normal DLP user logs on.
Hope that helps 🙂
Regards
Fab
Many thanks for your help 😃 much appreciated.