Documentation | Support

Go to the table of contents Go to the previous page Go to the next page View or print as PDF
Defining Resources > Remediation > Action Plans
Action Plans
Administrator Help | Forcepoint DLP | Version 8.4.x
Related topics:
*
Remediation scripts
*
Adding a new action plan
*
Notifications
Use the Policy Management > Resources > Action Plans page in the Data Security module of the Forcepoint Security Manager to define how the system responds when various breaches are discovered.
The following action plans are provided by default.
Name
Description
Audit and Notify
Audit incidents from all channels, and if configured, generate notifications.
Audit Only
(Default) Permit all activity on all channels, and log incidents in the audit log. If configured, it also generates notifications.
This action plan is designed for mild breaches.
Audit Without Forensics
Same as Audit Only, but does not store forensic data for the incident.
Block All
Block all incidents on all channels, audit them, and, if configured, generate notifications.
This action plan is designed for severe breaches.
Block Without Forensics
Same as Block All, but does not store forensic data for the incident.
Drop Email Attachments
Drop email attachments that breach policy.
 
* 
Note 
The predefined action plans use the Default notification. You can edit the action plans to use a different notification—see Notifications and Adding a new message for details.
Select an action plan each time you add rules or exceptions to a policy.
To create a new action plan, click New.
To delete an action plan, select it and click Delete.
When all your action plans have been configured, select the one to use by default. To do so, select the plan, then click Set as Default Action Plan.

Go to the table of contents Go to the previous page Go to the next page View or print as PDF
Defining Resources > Remediation > Action Plans
Copyright 2017 Forcepoint. All rights reserved.