I would like to submit an enhancement request to add new options for users logging into the interface. I work for an enterprise and we are allowing business units to login and view incidents that are associated to thier policies. The work flow is as follows:
1. DLP team conducts interviews with business units and stake holders
2. Stakeholders define exactly what DLP should be looking for in thier departments
3. DLP team then converts those ideas into DLP policies
4. Policy is enabled and the business unit recieves a login to view incidents associated with thier policy
The problem with this approach is that we are technically unable to create roles that have access to only view incidents from a single policy. I know that we could tie a response rule to the policy that defines a custom attribute and then allow the user to view all incidents with that custom attribute but I fear that user error will occur one day and we'll forget to tie a response rule to a policy that applies that custom attribute.
We currently have to have role access based on Policy Groups and the PG's are named after each business unit. This is not an ideal approach because now, every single detection server is being used in every single Policy Group. I would like to create Policy Groups based on threat vector (DIM, DAR, DUI, Tablet) and then create policies around those threat vectors (SSN - DIM, SSN - DAR) because each policy should be different based on the detection server type.
If we could allow our users to login and view incidents by policy and/or by policy rule INSTEAD of just Policy Group, that would give us the flexibility to define our Policy Groups based on our detection servers AND to allow each business unit to own either a policy or a policy rule.
To Long Don't Read Version:
- Please create an enhancement request that allows users to login to the interface and view incidents based on Policy and/or Policy Rules