Channel: Symantec Connect - Products - Articles

Integration of DLP 12.0.1 with RSA Envision 4.1


Symantec DLP 12.0.1 can also be integrated with RSA Envision 4.1 SP1.

RSA Envision integration is also supported by previous Symantec DLP versions 11.5, 11, and 12.

I would like to share a document, where RSA Envision 4.1 integration with Symantec Data Loss Prevention is explained.

Configuring Symantec DLP

To configure Symantec DLP to work with the RSA EnVision appliance, you must complete the following tasks:

1. Configure System Events
2. Configure Response Rules
3. Enable Rules

Configure System Events

To configure system events:

1. On your Vontu system, depending on your operating system, choose one of the following:

   For Windows, change directories to \Vontu\Protect\config.
   For Linux, change directories to /opt/Vontu/Protect/config.

2. Open Manager.properties in a text editor.

3. Remove the number sign (#) from the line, #systemevent.syslog.host=, and then enter the hostname or IP address of your enVision appliance.

4. Remove the # from the line, #systemevent.syslog.port=, and then type 514.

5. Remove the # from the line, #systemevent.syslog.format= [{0}] {1} - {2}.

6. Save and close the file.

7. Restart the Vontu server.

Configure Response Rules (attached snapshot: Vontu Response Rule.jpg)

To configure response rules:
1. Log on to the Symantec DLP user interface.
2. Click Policies > Response Rules > Add Response Rule.
3. Select Automated Response.
4. Click Next.
5. In the Configure Response Rule window, complete the fields as follows.

   Field         Action
   Rule Name     Enter a rule name.
   Description   Enter a description for the rule name.

6. From the Action drop-down list, select All: Log to a Syslog Server.
7. Click Add Action.
8. Complete the fields as follows.

   Field     Action
   Host      Enter the IP address of your enVision appliance.
   Port      Type 514.
   Message   Type:

Vontu Incident: $POLICY$^^$INCIDENT_ID$^^$SUBJECT$^^$SEVERITY$^^$MATCH_COUNT$^^$RULES$^^$SENDER$^^$RECIPIENTS$^^$BLOCKED$^^$FILE_NAME$^^$PARENT_PATH$^^$SCAN$^^$TARGET$^^$PROTOCOL$^^$INCIDENT_SNAPSHOT$

   Note that the leading text "Vontu Incident:" is required.

   * Important: This is one continuous entry. Do not add spaces or hyphens.

   Level     Select 4.

9. Click Save.
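
To check that the appliance receives what the response rule sends, the following added example (not part of the original article or of either product) splits a received syslog line on the ^^ delimiter and maps it to the field order of the message template in step 8. The sample line, its values and its syslog header are constructed, and treating the Level setting as the syslog severity is an assumption.

```python
import re

# Field order copied from the response-rule message template in step 8.
FIELDS = [
    "POLICY", "INCIDENT_ID", "SUBJECT", "SEVERITY", "MATCH_COUNT", "RULES",
    "SENDER", "RECIPIENTS", "BLOCKED", "FILE_NAME", "PARENT_PATH", "SCAN",
    "TARGET", "PROTOCOL", "INCIDENT_SNAPSHOT",
]
MARKER = "Vontu Incident:"   # literal text the article says is required
DELIM = "^^"
PRI_RE = re.compile(r"^<(\d{1,3})>")  # standard syslog <PRI> header

# Constructed sample line (values and header are illustrative, not real output).
SAMPLE = (
    "<132>Jan 10 12:00:00 dlp-enforce Vontu Incident: PCI Policy^^1042^^"
    "Q3 report^^1:High^^3^^Credit Card Rule^^alice@example.com^^"
    "bob@example.net^^None^^cards.xlsx^^N/A^^N/A^^N/A^^SMTP^^"
    "https://dlp.example.com/snapshot/1042"
)

def parse_incident(line):
    """Return the incident fields as a dict, or raise ValueError."""
    m = PRI_RE.match(line)
    # Syslog severity is PRI modulo 8; assumed to reflect the Level setting.
    severity = int(m.group(1)) % 8 if m else None
    start = line.find(MARKER)
    if start < 0:
        raise ValueError("no 'Vontu Incident:' marker in line")
    parts = line[start + len(MARKER):].strip().split(DELIM)
    # A wrong count means a truncated datagram, an edited template,
    # or a field value that itself contains the delimiter.
    if len(parts) != len(FIELDS):
        raise ValueError(f"expected {len(FIELDS)} fields, got {len(parts)}")
    event = dict(zip(FIELDS, (p.strip() for p in parts)))
    event["syslog_severity"] = severity
    return event

if __name__ == "__main__":
    for name, value in parse_incident(SAMPLE).items():
        print(f"{name}: {value}")
```

A line that fails the field-count check is worth logging in full, since it usually points at a template that was split or altered when it was pasted into the Message field.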

Enable Rules

To enable rules (refer to the attached screenshot, Policy response.JPG):

1. Click Policies > Policy List.
2. Select a policy that you want to report on.
3. Click the Response tab.
4. From the drop-down list, select the rule you created in the previous task.
5. Click Add Response Rule.

