1. Select Main > Policy Management > Resources.
2. From the Remediation section, select the Notifications option.
3. Click New on the toolbar.
4. Enter a name and description for this notification template, such as “Breach notification”.
5. On the General tab, complete the fields as follows:

   Field: Description
   Sender name: Enter the name of the person from whom notifications should be sent. This is the name that will appear in the email From field. Maximum length: 1024 characters.
   Sender email address: Enter the email address of the person from whom notifications should be sent. Maximum length: 1024 characters.

6. The outgoing mail server that’s been configured appears on screen. If you want to change the server used, click Edit (the pencil icon).

Related topics:
Adding a new message template, page 121
Defining Resources
122 Websense Data Security
7. Complete the remaining fields as follows:

   Field: Description
   Subject: Type the subject of the notification. This appears in the email Subject: line. Click the right arrow to choose variables to include in the subject, such as “This is to notify you that your message was %Action Taken% because it breached corporate policy.” Maximum length: 4000 characters.
   Recipients: Define the recipient(s) for the notification.
      Click Edit to select business units or directory entries.
      Select Additional email addresses, then click the right arrow to select a dynamic recipient that varies according to the incident. For example, you can choose to send the notification to the policy owners, administrators, source, or source’s manager. Select the variable that applies, such as %Policy Owners%. Separate multiple addresses with commas.

8. On the Notification Body tab, select a notification type and display format from the drop-down lists.

   Field: Description
   Type: Select the type of notification to send:
      Standard - Select Standard to include all of the elements shown in the Body Content box. You can enable or disable these elements if you use the standard notification type.
      Custom - Select this option if you want to send a custom notification. Edit the default text as needed. The drop-down menu provides variables.
   Display as: Select a display format from the drop-down list: HTML or plain text.
   Logo: Displays the Websense logo, date, and time.
   Action: Displays the action taken when the breach was discovered.
   Message to user: Displays a message in the message body. You can use the default text, or edit it to your liking. The drop-down menu provides variables.
   Incident details: Displays incident details in the notification message.
   Violated rules: Attaches a list of rules violated by the breach.
TRITON - Data Security Help 123 Defining Resources
   Allow users to release blocked email: This option does not apply to Web Security Gateway Anywhere customers. Select this check box if you want to allow users to release blocked messages by replying to their notification message. If you do not have the Exchange agent, you must configure a Websense mailbox to activate this capability. Refer to the Knowledge Base article titled “Configuring the Force Mailbox” for details.
   Attach policy-breach content: Attaches policy breach contents to the email message.

9. Click the Notification Design button to preview your message.
10. Click OK to save your changes.
Chapter 7: Performing Discovery
Discovery is the act of determining where sensitive content is located in your enterprise. A data discovery policy might say, for instance: every Sunday, scan all the computers in the network looking for financial documents containing the keyword “Confidential”. Log what is discovered and send a notification to the Finance manager.
If you want to monitor what is done with those financial records or stop them from leaving the building, you need to create a network or endpoint policy.
Discovery enables you to find data at rest on your network and identify the endpoint machines that represent the greatest risk. This allows you to prioritize actions taken on the files and machines.
Performing discovery consists of 2 basic steps:
1. Creating a data discovery policy, page 126
2. Scheduling Data Discovery Tasks, page 137
Related topics:
Creating a data discovery policy, page 126
Scheduling Data Discovery Tasks, page 137
Configuring discovery incidents, page 133
Viewing discovery status, page 132
Viewing discovery results, page 133
Updating discovery, page 133
Copying, moving, or encrypting discovered files, page 134
Note: This chapter applies only to customers with Websense Data Discover. It does not apply to those with Websense Web Security Gateway Anywhere.
Structurally, data discovery policies are the same as data usage policies. Both are comprised of rules, exceptions, content classifiers, and resources. Rather than specifying destination channels to scan such as FTP, SMTP, and printers, however, you create a data discovery task that describes where and when to perform the discovery, including specific network and endpoint computers to scan.
On networks, this may include a file system, SharePoint directory, database, or Exchange server.
File systems - Scans your network file systems and identifies data in breach of policies.
SharePoint - Scans SharePoint directories and identifies data in breach of policies.
Database - Scans the organization’s database servers and detects confidential information that is defined as policy breaches in tables.
Exchange - Scans the organization’s Exchange servers and detects confidential information that is defined as policy breaches in mailboxes and public folders.
If you’re performing endpoint discovery, it includes the exact devices to scan.
Data discovery policies are different from data usage policies in other subtle ways as well. For example, you tend to classify content differently in database discovery than you do on Web channels.
In addition, false positives or false negatives in discovery are typically less troubling, because the information is not being sent out of the organization.