Subscribing to DLP Events
After your BMC Remedy ITSM application is successfully registered with Microsoft Office 365, you can configure your ITSM application to subscribe to DLP events from Microsoft Office 365. Subscribing ensures that the enriched DLP events are received by ITSM to further create DLP Incidents and route them to the appropriate compliance group.
Assignment routing of the DLP events is critical to ensure data compliance.
Subscribe to DLP events
Subscribe to DLP events so that DLP incidents can be created in BMC Remedy ITSM. After you register your BMC Remedy ITSM application with Microsoft Office 365, you can subscribe to either Microsoft SharePoint or Microsoft Exchange events.
You can subscribe to the following events:
- Microsoft SharePoint - To track document violations in SharePoint O365 that match one or more DLP rule conditions.
- Microsoft Exchange - To track email violations in Exchange O365 with content that matches one or more DLP rule conditions.
DLP.ALL - This subscription returns the sensitive data along with the DLP events. To enable this, select Yes for the Include Sensitive Data for Active Subscriptions option and click Apply. This will subscribe you to receive sensitive information if the application created in Azure AD in Office 365 has the Read DLP policy events including detected sensitive data permission.
To subscribe to DLP events
- Open the DLP Configuration Wizard by clicking Custom Configuration > Incident Management > Advanced Options > DLP Application Configuration.
- Click New Search.
- From the Company list, select the name of the company for which you have already registered.
- Click Search.
In the Manage subscriptions panel, from the Subscription Type list, select the required content source.
- Click Subscribe.
- To view the list of active subscriptions, click Show Active Subscriptions. A list of active subscriptions is displayed in a confirmatory dialog box.
- To stop the subscription, click Unsubscribe.
- To subscribe to sensitive data, perform the following:
- Select Yes for the Include Sensitive Data for Active Subscriptions label.
- Click Apply.
- Map operational categories to enable routing to the appropriate group.
Map operational categories
Map categorization and impact/urgency to incidents for subscriptions so that incident priority is calculated and the incident is routed to the right support group.
To map operational categories
- In the Incident values for Content Type subscription area, configure the incident mappings.
- From the Operational Categorization lists, set values for Operational Categorization Tier 1, Tier 2 and Tier 3.
- From the Impact list, set the value for incident impact.
From the Urgency list, set the value for incident urgency.
- The operational categories are used to route the incident to the assigned support group. Ensure that the assignment configuration is already done for the selected company.
- The Impact and Urgency values are used for calculating incident priority.
The following screenshot shows some example incident mappings:
- Click Save Incident Mappings.
For the active subscriptions, the DLP events are routed to the specified groups using the operational categories.
- To verify the registration and assignment configuration, click the Create Sample DLP Event link. A sample incident is created.
- Click Close.