Configure Smart Response Rules

  • Release version: Xanadu
  • Updated August 12, 2024
  • Configure the Symantec smart response rule(s) to perform response actions on the ingested Symantec DLP incidents.

    Before you begin

    Role required: sn_dlir.admin

    About this task

    Verify that the Symantec user that you are configuring for the ServiceNow Symantec DLP integration has the relevant Smart Response Rules selected on the Roles configuration page. For more information, see the Actions section of the Configuring Roles document.

    For the fetched smart response rules, the DLP admin can create Incident Response Option Rules and Response Option Mappings to configure the response actions to be performed on ingested Symantec DLP incidents.

    Procedure

    1. Navigate to All > Symantec DLP Integration > Smart Response Rules.
      The list shows all the available smart response options for each configured integration configuration. If the source is not configured, see Install and configure the Symantec DLP integration for Data Loss Prevention and follow the procedure on how to configure the Symantec integration configuration source.
    2. Select any of the Smart Response Rules to open its form view.

      Follow Create incident response option rules to create Incident Response Option Rules and Response Option Mappings so that this smart response rule is displayed on the Respond modal of the DLP workspace.

    3. Create the approval rules for the Smart Response Rule using the Approval Rules tab in the related list or by following the procedure explained in the Configure Approval Rules section.
      The approval rules for each Smart Response Rule are visible in the Approval Rules related list.
    4. After creating the Incident Response Option Rule(s), you can see the record in the related list of the Smart Response Rule record.
    5. Use the Refresh Smart Response Rule button in the list view to manually update the source.
      The smart response rules are added, updated, or deleted automatically each day for every source.