I am wondering if anyone has done any kind of setup like what I am trying to do below. I would like to not have 1 incident per incident within our DLP system, but instead pull from the system once per day with a datatable of all incidents based on type and user. Details below.
We have 2 sections: Endpoint and Network (primarily email). I need to pull incidents from our Network section hitting a certain policy. I then need to take all of these DLP incidents and create 1 Resilient incident for each user with a datatable of all the DLP incidents that the user caused. Then I need to do the same thing in the Endpoint section.
Example:
Nick Mumaw caused 312 DLP incidents in the last 24 hours violating policy "SSNs" in the Network section of DLP. Resilient incident 1234 was created with datatable containing 312 DLP incidents with the name "Nick Mumaw - SSNs - Network".
The reason we need to do it this way is because as we are working on changing business practices, we are getting sometimes hundreds of incidents from some people. We just need a way to track the number of incidents we are dealing with by tracking them and even handling them within Resilient.
I hope this is possible. Thanks!
------------------------------
Nick Mumaw
------------------------------
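The daily rollup described in the post, sketched as an added example that is not part of the original post and is not Resilient or DLP product code. The record fields (`id`, `user`, `policy`, `section`, `detected`) and the output dictionary layout are assumptions; fetching from the DLP system and creating the Resilient incident are left out because the post names no API for either.

```python
from collections import defaultdict
from datetime import datetime, timedelta, timezone

def build_daily_rollups(dlp_incidents, policy, now, window=timedelta(hours=24)):
    """Return one rollup per (user, section) for incidents hitting `policy` in `window`."""
    cutoff = now - window
    groups = defaultdict(list)
    for inc in dlp_incidents:
        # Keep only the chosen policy and only incidents inside the pull window.
        if inc["policy"] == policy and cutoff < inc["detected"] <= now:
            groups[(inc["user"], inc["section"])].append(inc)

    rollups = []
    for (user, section), rows in sorted(groups.items(), key=lambda kv: kv[0]):
        rows.sort(key=lambda r: r["detected"])
        rollups.append({
            # Naming scheme from the post: "<user> - <policy> - <section>"
            "name": f"{user} - {policy} - {section}",
            "dlp_incident_count": len(rows),
            # One datatable row per underlying DLP incident (hypothetical columns).
            "datatable_rows": [
                {"dlp_id": r["id"], "detected": r["detected"].isoformat()}
                for r in rows
            ],
        })
    return rollups

# Constructed sample data, not real DLP output.
NOW = datetime(2024, 1, 2, 6, 0, tzinfo=timezone.utc)

def _inc(dlp_id, user, policy, section, hours_ago):
    return {"id": dlp_id, "user": user, "policy": policy, "section": section,
            "detected": NOW - timedelta(hours=hours_ago)}

SAMPLE = [
    _inc(101, "Nick Mumaw", "SSNs", "Network", 1),
    _inc(102, "Nick Mumaw", "SSNs", "Network", 5),
    _inc(103, "Nick Mumaw", "SSNs", "Endpoint", 2),
    _inc(104, "Nick Mumaw", "SSNs", "Network", 30),             # outside the 24h window
    _inc(105, "Example User", "Other Policy", "Network", 3),    # different policy
]

if __name__ == "__main__":
    for rollup in build_daily_rollups(SAMPLE, "SSNs", NOW):
        print(rollup["name"], rollup["dlp_incident_count"])
```

Running the job once per day with `now` set to the scheduled run time keeps the windows contiguous, so a DLP incident is counted in exactly one day's rollup.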