Data Loss Prevention Incident Response release notes
Summary of Data Loss Prevention Incident Response release notes
The ServiceNow® Data Loss Prevention (DLP) Incident Response application helps organizations manage sensitive customer data such as financial records, health information, and Social Security numbers. The Yokohama release introduces significant enhancements to improve secure evidence management, operational efficiency, and incident response for DLP incidents.
Key Features
- Secure Evidence Management: Enhanced capabilities to securely store, manage, and track evidence files directly within the platform for all DLP Incident Response integrations, including Proofpoint, Symantec DLP, Microsoft (Exchange Online, OneDrive, SharePoint), and Netskope. Users can preview and download evidence files easily from the DLP Analyst or end user workspaces.
- Incident Closure Enhancements: Added support for specifying closure codes before closing incidents, improving incident lifecycle tracking and reporting accuracy.
- Playbook Feature: Introduced playbooks to the DLP Incident Response workspace to streamline and standardize operational procedures, enhancing efficiency in handling incidents.
- SLA Triggers and Definitions: New functionalities to create SLA triggers and define SLA conditions and durations, enabling prompt and effective responses to data breach incidents.
- Integration Improvements: Includes ICAP integration for ingesting DLP alerts and fetching match content and evidence files from Amazon S3 in supported deployments, plus the ability to create Proofpoint applications to obtain client credentials for secure API access.
- Incident Management: Incident consolidation rules ensure that the parent incident maintains the highest priority among linked incidents, improving incident prioritization and management.
- User Interface Updates: New actions in the DLP incident form require closure code entry, and the Custom Fields column in the incident table has been renamed to Additional Incident Data Fields for clarity.
Activation and Additional Information
This application is available for installation via the ServiceNow Store. Customers should request installation through the store to access the latest release features. The DLP Incident Response application integrates with other key ServiceNow Security Operations applications such as Security Incident Response, Vulnerability Response, and Threat Intelligence, leveraging common security support plugins to provide a unified security operations experience.
The ServiceNow® Data Loss Prevention Incident Response application helps you to manage sensitive information for your customers such as financial and proprietary data, health records, or Social Security numbers. Data Loss Prevention Incident Response was enhanced and updated in the Yokohama release.
Data Loss Prevention Incident Response highlights for the Yokohama release
- Enhanced the ability to securely store, manage, and track evidence files within the platform for all Data Loss Prevention Incident Response integrations.
- Preview the evidence file of an incident from either the DLP IR analyst workspace or end user workspace.
- Enhanced the DLP incident closure process by adding support for closure codes.
- Introduced the Playbook feature in the DLP IR workspace to enhance operational efficiency.
- Improved response to Data Loss Prevention (DLP) incidents through the initiation of SLA triggers.
See Data Loss Prevention Incident Response for more information.
New in the Yokohama release
- Create a Data Loss Prevention Incident Response SLA trigger
  - Enable prompt and efficient responses to incidents by creating SLA triggers.
- Create a Data Loss Prevention Incident Response SLA definition
  - Outline the conditions and duration for responding to data breaches by creating Data Loss Prevention Incident Response SLA definitions.
- Create an Application in Proofpoint and Obtain Client Credentials
  - Create an application in Proofpoint and configure the required settings to obtain client credentials. These credentials enable secure access to the Proofpoint API for seamless integration and automation.
- Internet Content Adaptation Protocol (ICAP) integration for DLP IR
  - The integration supports ingesting Data Loss Prevention Incident Response alerts and fetching match content and evidence files from Amazon S3 that were created on the ICAP-supported Data Loss Prevention Incident Response deployment.
- Configure evidence file storage
  - With the Proofpoint integration, store evidence files directly in your ServiceNow instance, which enhances the ability to manage and track evidence files within the platform.
- Configure evidence file storage
  - Symantec DLP supports evidence file storage to securely store the evidence files for DLP incidents.
- Preview evidence files for DLP incidents of type Exchange Online, OneDrive, and SharePoint
  - With the DLP Microsoft integration, preview evidence files in the DLP Workspace in the Microsoft OneDrive, Microsoft Exchange Online, and Microsoft SharePoint formats. You can preview and download evidence files directly from the preview interface, simplifying evidence review and retrieval.
- Netskope integration: Preview evidence files and download evidence files
  - With the Netskope integration, you can preview and download evidence files directly from the preview interface, simplifying evidence review and retrieval.
- Preview evidence files
  - Preview evidence files and download them directly from the preview interface, simplifying evidence review and retrieval.
- Playbook for Data Loss Prevention Incident Response
  - Introduced playbooks in the DLP Workspace to enhance operational efficiency.
- Create incident consolidation rules
  - The parent incident is always assigned the highest priority among consolidated incidents, enhancing incident management accuracy.
UI changes
- Data Loss Prevention Incident Response Analyst Workspace
  - Introduced a new action in the DLP incident form view that requires users to specify a closure code prior to incident closure.
Changed in this release
- Create additional incident data fields
  - In the DLP incident table, the Custom Fields column has been renamed Additional Incident Data Fields.
Activation information
Install Data Loss Prevention Incident Response by requesting it from the ServiceNow Store. Visit the ServiceNow Store website to view all the available apps and for information about submitting requests to the store. For cumulative release notes information for all released apps, see the ServiceNow Store version history release notes.
- Security Operations common functionality
  - The Security Support Common plugin is activated when any of the plugins for the main Security Operations applications (Security Incident Response, Vulnerability Response, Threat Intelligence, or Configuration Compliance) are activated.