How to Configure SphereShield for SfB DLP?
- Open the SphereShield Portal
- Go to Settings→ DLP Integration (/admin/settings?category=settings_dlp_integration_category_header)
- Enable DLP Integration by changing the "Enable DLP Integration" option to "Yes"
- Choose DLP provider - 3rd Party or AGAT for Regex Based rules (Configure in /admin/DLPrules)
General configuration options
Proptery | Options | Description |
---|---|---|
General | ||
Enable DLP | Yes/No | Enable DLP policy inspection |
Enable DLP On | Bastion, SIP Filter | Enable inspection on a component(multichoice)
|
DLP Provider | AGAT/Other/Symantec/ForcePoint(WebSense)/Mcafee/Fidelis | The DLP provider that will be used for the Inspection
|
Block Traffic when DLP engine is not available | Yes/No | Block all inspected traffic In the case there is no response from the DLP server |
Filter only outgoing IM Traffic | Yes/No(Default: Yes) | Filter only communication between internal and federation users |
Enable DLP for conferences | Yes/No | Enables DLP inspection for conferences |
Internal SIP Domain List | List of internal SIP domains | The list of the SIP domains that are used internally (used to differentiate between internal and federated users) In order to insert an internal domain enter your internal SIP domains in the textbox and then press Enter. Example of SIP domains:
|
Include sub-domains of the internal SIP domain | Yes/No | Whether to include sub-domains under one level |
Enable DLP Auditing | Yes/No | Record DLP events in the database, Events can be seen in the Admin portal under [Auditing] >[DLP Auditing] |
Admin Notification | ||
Admin notification type | [Log]/[Log and Mail]/[Log, Mail and IM] | The type of notification that will be utilized Options are:
|
Admin notification recipient(email) | Recipient Email account | The recipient Admin Email account (Only relevant if mail is configured) |
Admin notification recipient(IM) | Recipient IM SIP address | The Recipient Admin SIP address for IM(Only relevant if UCMA and IM notification is configured) |
Admin notification recipient Message | IM Message content | The IM message content |
Admin notification Email subject | Mail message content | The mail message content |
DLP User Notification | ||
User Notification Type | None/IM | Enable notification to the user in case of violation(Require UCMA integration) |
User Notification Message | Message | The message that will be sent to the user in case of violation |
User Block Message | Message | The message that will be sent to the user in case of violation on block mode |
User Modify Message | Message | The message that will be sent to the user in case of violation on block mode in case of modify |
Advanced | ||
| Yes/No | If set to "Yes", will fetch the CN of the AD user for enhanced logging. This might impact performance.(Required for DLP Providers in order to enforce policies based on groups) |
Related Articles:
Title | Creator | Modified | |
---|---|---|---|
How to configure DLP integration with Symantec via RESTful API? | Agat Support | Apr 13, 2022 | |
Symantec DLP Integration | Agat Support | Apr 13, 2022 | |
External ICAP DLP Integration | Agat Support | Apr 13, 2022 | |
How to Configure SphereShield for SfB DLP? | Agat Support | Aug 08, 2021 |