Getting started with Proofpoint integration for Data Loss Prevention

  • Release version: Xanadu
  • Updated August 1, 2024

  The Proofpoint DLP integration supports the ingestion of Data Loss Prevention alerts created on the Proofpoint dashboard. After ingestion, the incident management functionality is used to remediate the DLP incidents.

    Checklist

    Review the following information before you start setting up your Proofpoint DLP integration for Data Loss Prevention.

    Table 1. Checklist

    Field: Verify you have assigned the required ServiceNow AI Platform and Data Loss Prevention Incident Response application roles.
    Description: The following roles are used across the Proofpoint DLP integration on the ServiceNow AI Platform:
    • The administrator (admin) installs the applications from the ServiceNow® Store and assigns the Data loss prevention admin (sn_dlir.admin) role.
    • A user with the sn_dlir.admin role can configure the integration and set up the incident profiles.
    • Users with the sn_dlir.analyst role have read access across the integration.

    Field: Assign the required Proofpoint DLP user roles.
    Description: Assign either high-level access or granular access to the created DLP user.

    High-level access: Assign either of the access policies listed below.

    • Analytics Activity Exploration: Explore and manage all activity monitored by Information and Cloud Security Platform. This includes the ability to view screenshots, snippets, and raw email data and to manage saved explorations.
      Figure 1. Analytics Activity Exploration - Access policies
    • Activity Exploration: Explore and manage all activity in the analytics application monitored by Information and Cloud Security Platform. This includes the ability to view screenshots, snippets, and raw email data and to manage saved explorations.
      Figure 2. Activity Exploration - Access policies

    Granular access: Assign all of the access policies listed below.

    • Notification View: View notifications including email, instant messaging, and webhooks for external system integrations.
    • Activity View: View all activity monitored by Information and Cloud Security Platform.
    • Alert and Activity Management: Manage alerts and activities, including workflows, comments, and remediations.
      Figure 3. Granular access - Access policies

    For more information, navigate to Administration > User Management > Access Policies > Predefined Access Policies Descriptions in the Proofpoint documentation.

    Field: Verify that the end-user core application required to support the Proofpoint DLP integration is installed and activated.
    Description: Verify that the following DLP applications and security support common applications are installed and activated from the ServiceNow Store. If they are not installed, install and activate the applications.
    • Security Support Common
    • Data Loss Prevention Incident Response