DLP Incident Response integration Microsoft using Azure Storage - how to manage the data in Azure?

GG-Amitola
Tera Expert

Setting up the DLP Incident Response integration with Microsoft using Azure Storage and the Product Documentation only mentioned storing the data and deleting the data on the deletion of the DLP Incident in ServiceNow

  • Store the matching content of each Microsoft DLP event in external cloud storage.
  • Delete matching content at external cloud storage upon the deletion of the DLP IR incident in ServiceNow.

Does anyone know what capabilities / option does ServiceNow have for the clean-up/management of the data in the Azure Storage, without deleting the corresponding DLP IR Incident?

 

https://store.servicenow.com/sn_appstore_store.do#!/store/application/eaf471689f9d1110d1f7e1ac98a9c8...

 

https://docs.servicenow.com/bundle/utah-security-management/page/product/dlp-microsoft/concept/dlp-i...

1 REPLY 1

Dexter Parre_o
ServiceNow Employee
ServiceNow Employee

Hi,

 

Don't know if you got your answers yet but if you would go to DLP Administration->Advance Settings in the navigator, there is a property there which says "Day(s) to wait for deleting match content on cloud storage after incident gets closed". You can enter in there the number of days after which the matched content will be deleted after closing the incident..

 

Regards,

Dexter