What are discovery and DLP?
Creating Remediation Scripts | Forcepoint DLP | v8.4.x, v8.5.x, v8.6.x
What is discovery?
Discovery is the act of automatically scanning data at rest, classifying it, and potentially enforcing an action on the classification.
Discovery can be performed by two Forcepoint DLP system components:
*
*
Both components perform essentially the same activity.
Once the documents are classified as having matched a policy rule, an action plan associated with this rule is executed. The action plan specifies what happens next, and this can include running a remediation script.
What is DLP?
Data Loss Prevention (DLP) is the activity of classifying real-time data that is communicated on various channels, by various means. Once classified, the data sent over the communication channel might trigger a policy and generate an incident.
Once an incident occurs, an action plan is executed. The action plan may specify which remediation scripts to run.
Classification is performed by the Policy Engine. This means it can run on Windows or Linux policy engines, and on servers or endpoints (including Linux endpoints, although this functionality is currently not available).
What are discovery and DLP incidents?
*
*
When remediation scripts are used, each incident results in an XML file that contains the incident details. Details include:
*
*
The available metadata varies based on the type of incident.
The full path to the XML file is used as the first command-line parameter passed to the remediation script.
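The following added example (not Forcepoint's own code) sketches a script that takes the incident XML path as its first command-line parameter and flattens whatever fields are present, since the metadata varies by incident type. The element and attribute names in the constructed sample, and the script name `remediate.py`, are assumptions, not the product's schema.

```python
import sys
import xml.etree.ElementTree as ET
from pathlib import Path

# Constructed sample; element/attribute names are hypothetical, not the product's schema.
SAMPLE_XML = b"""<incident id="1001" type="discovery">
  <rule>Constructed PCI rule</rule>
  <file><path>/srv/share/a.xlsx</path></file>
  <file><path>/srv/share/b.xlsx</path></file>
</incident>"""


def parse_incident(raw):
    """Flatten incident XML into {path: [values]} without assuming a schema."""
    # Incident details can carry text from scanned data, so refuse DTD and
    # entity declarations (coarse byte check, ASCII-compatible encodings).
    if b"<!DOCTYPE" in raw or b"<!ENTITY" in raw:
        raise ValueError("DTD/entity declarations are not accepted")
    fields = {}

    def walk(elem, prefix):
        here = f"{prefix}/{elem.tag}" if prefix else elem.tag
        for name, value in elem.attrib.items():
            fields.setdefault(f"{here}@{name}", []).append(value)
        if len(elem) == 0 and elem.text and elem.text.strip():
            fields.setdefault(here, []).append(elem.text.strip())
        for child in elem:
            walk(child, here)

    walk(ET.fromstring(raw), "")
    return fields


def main(argv):
    if len(argv) < 2:  # argv[1] is the full path to the incident XML
        print("usage: remediate.py <incident-xml-path>", file=sys.stderr)
        return 2
    try:
        fields = parse_incident(Path(argv[1]).read_bytes())
    except (ValueError, ET.ParseError, OSError) as exc:
        print(f"cannot read incident: {exc}", file=sys.stderr)
        return 1
    for key in sorted(fields):
        print(f"{key}={'; '.join(fields[key])}")
    return 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Repeated elements are kept as lists, so an incident that references several files yields every path rather than only the last one.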

Copyright 2018 Forcepoint. All rights reserved.