Documentation
|
Support
Defining Resources
>
Remediation
> Action Plans
Action Plans
Administrator Help | Forcepoint DLP | Version 8.4.x
Related topics:
Remediation scripts
Adding a new action plan
Notifications
Use the
Policy Management > Resources > Action Plans
page in the Data Security module of the Forcepoint Security Manager to define how the system responds when various breaches are discovered.
The following action plans are provided by default.
Name
Description
Audit and Notify
Audit incidents from all channels, and if configured, generate notifications.
Audit Only
(Default) Permit all activity on all channels, and log incidents in the audit log. If configured, it also generates notifications.
This action plan is designed for mild breaches.
Audit Without Forensics
Same as Audit Only, but does not store forensic data for the incident.
Block All
Block all incidents on all channels, audit them, and, if configured, generate notifications.
This action plan is designed for severe breaches.
Block Without Forensics
Same as Block All, but does not store forensic data for the incident.
Drop Email Attachments
Drop email attachments that breach policy.
Note
The predefined action plans use the Default notification. You can edit the action plans to use a different notification—see
Notifications
and
Adding a new message
for details.
Select an action plan each time you add rules or exceptions to a policy.
To create a new action plan, click
New
.
To delete an action plan, select it and click
Delete
.
When all your action plans have been configured, select the one to use by default. To do so, select the plan, then click
Set as Default Action Plan
.
Defining Resources
>
Remediation
> Action Plans
Copyright 2017 Forcepoint. All rights reserved.