0 Replies Latest reply on Jun 24, 2016 10:10 AM by nicholas.klebs

    Minor and Warning severity between 9.3 and 9.4 DLPe is swapped - migration from 9.3 to 9.4 retains severity text but effectively changes the severity score up or down

    nicholas.klebs

      Between 9.3 and 9.4 the severity numerical scores "2" and "1" incidents swap the associated text Warning and Minor.

       

      (from Development)

      4 is the highest severity – it is called critical

      3 is the 2nd highest severity – it is called major

      2 severity – in 9.3 it was called warning and in 9.4 we simply renamed it to minor because a minor incident is more severe than just a warning.

      1 severity – it not an incident, it is a warning. In 9.3 it was called minor and in 9.4 we just renamed it to warning.

      0 is the lowest severity – it is called info

       

       

      Minor = Sev 1 in 9.3

      Minor = Sev 2 in 9.4

      Warning = Sev 2 in 9.3

      Warning = Sev 1 in 9.4

       

      When the Server Task to migrate 9.3 Incidents to the 9.4 Incident Manager runs, the text associated with the 9.3 incident is retained, but the numerical score changes when the 9.3 incident is placed in the 9.4 Incident Manager.

       

      A "Sev 1" 9.3 incident is now a "Sev 2" incident in the 9.4 Incident Manager, and a "Sev 2" 9.3 incident is now a "Sev 1" incident in the 9.4 Incident Manager.

       

      The end result is if we want to use the 9.4 DLP Incident Manager as a "single pain of glass" to view all of our DLP incidents and have our remediation team use, while we transition from 9.3 to 9.4, we will have to treat a Minor incident differently depending on if the incident was generated by a 9.3 client or a 9.4 client, and we will need to treat a Major incident differently depending on if the incident was generated by a 9.3 client or a 9.4 client.

       

      We would really like to start using the 9.4 DLP Incident Manager for Unification of 9.3 DLPe, 9.4 DLPe, and 9.3 nDLP incidents.

      But currently it is confusing that Incidents in the 9.4 DLP Incident Manager with a Severity Label of Minor or Warning have a different Severity Score (because the migration changed the 9.3 incident scores) depending on if the incident was generated by a 9.4 DLPe Client, a 9.3 DLPe Client, or from nDLP 9.3.

       

      We would like to see the Severity Score retained for 9.3 DLP Incidents Migrated to 9.4 DLP Incident Manager, and the text associated with the Severity Score matched to accurately reflect the verbiage used in 9.4 when a 9.3 Incident is migrated to 9.4 DLP Incident Manager.


      I have opened a few Service Requests in regards to this - initially I was told what I explained above is exactly what the migration server task was doing.  After further testing I indicated that this isn't the case in a new SR, and after a lot of back and forth it was then indicated that what I was originally told was incorrect and that the product is working as designed.


      Anyone else feel this is an oversight in providing value to the proposition of Unification that the new 9.4 DLP Incident Manager introduced?