DLP Incident Response integration Microsoft using Azure Storage - how to manage the data in Azure?

GG-Amitola
Tera Expert

‎08-08-2023 01:55 AM

Setting up the DLP Incident Response integration with Microsoft using Azure Storage and the Product Documentation only mentioned storing the data and deleting the data on the deletion of the DLP Incident in ServiceNow

  • Store the matching content of each Microsoft DLP event in external cloud storage.
  • Delete matching content at external cloud storage upon the deletion of the DLP IR incident in ServiceNow.

Does anyone know what capabilities / option does ServiceNow have for the clean-up/management of the data in the Azure Storage, without deleting the corresponding DLP IR Incident?

 

https://store.servicenow.com/sn_appstore_store.do#!/store/application/eaf471689f9d1110d1f7e1ac98a9c8...

 

https://docs.servicenow.com/bundle/utah-security-management/page/product/dlp-microsoft/concept/dlp-i...

Labels:
0 Helpfuls
  • 665 Views
1 REPLY 1

Dexter Parre_o
ServiceNow Employee
ServiceNow Employee

‎11-28-2023 08:10 PM

Hi,

 

Don't know if you got your answers yet but if you would go to DLP Administration->Advance Settings in the navigator, there is a property there which says "Day(s) to wait for deleting match content on cloud storage after incident gets closed". You can enter in there the number of days after which the matched content will be deleted after closing the incident..

 

Regards,

Dexter

0 Helpfuls