Has anyone configured their RSA SIEM to digest DLP Incidents from the new table structure introduced with DLP 9.4/10/11?
With 9.3 we are using a SQL Query against the EPO DB to pull DLP events - we used the query provided with the RSA SIEM.
RSA hasn't updated this connector yet from what we can determine.
Anyone have a SQL query to pull the DLP Incidents in general (Dim and DiU)?
[UDLP_Incidents] - All incidents in your Incident manager
[UDLP_Incidents_Archive] - All incidents in your incident history
You would need quite a few more tables if you wanted data based on the data loss vector.