Data Loss Prevention

  • 1.  How to export/extract more than 10000 incidents from Symantec DLP

    Posted May 06, 2023 02:10 PM

    Hello everyone!

    As is common knowledge, it was previously possible to increase the maximum number of incidents exported in DLP by making some changes in the DLP config, but after version 16.0 these changes are no longer functional...

    Thinking about it, I needed to export this data, but due to these limitations this was no longer possible, so I made a simple script in Python that extracts the raw data of all incidents from the Oracle database so that I could work with the data again.

    Maybe the script doesn't have all the data you need, but I hope it can help you as a base.

    The script connects to the DB and, using a cursor, accesses the tables INCIDENT, POLICY and DATAOWNER, compares the primary keys and saves the result in a .csv in the same folder from which the file was executed.

    I'm posting here because I know that as I had this difficulty, other people will too and this script can help them.

    Feel free to change and contribute to the file, every contribution is always welcome, we need to unite more!

    TOOL:
    SYMDLPEXTRACTOR (CLICK HERE)

    ATTENTION:

    When running the script, by default it has a limit of 30000 rows that are extracted. This limit can be changed using the -r parameter, but I recommend not inserting a very large value during office hours, since it can generate slowness and even delay your network processes!!!


    Thanks!

    Newton Gomes
    Cybersecurity Specialist/Consultant
    Newton Gomes ∴ | LinkedIn



  • 2.  RE: How to export/extract more than 10000 incidents from Symantec DLP

    Posted May 07, 2023 12:12 AM

    ---EDIT---

    I made a few changes in the script to be more optimized and added a new argument.

    Version 1.2

    • Now the incident severity shows the real value as HIGH, MEDIUM or LOW
    • Now the incident extraction extracts from the newest incident to the oldest
    • Now it's possible to filter by the incident type using the argument -T or --type


    Thanks!
    Newton Gomes

    Cybersecurity Specialist/Consultant
    Newton Gomes ∴ | LinkedIn




  • 3.  RE: How to export/extract more than 10000 incidents from Symantec DLP

    Posted May 14, 2023 10:07 PM

    ---EDIT---

    New version available, now supports Python 3.10 or above with the module oracledb.

    Version 2.0
    • Changed the query to show information similar to what appears in DLP reports
    • Changed the script to support Python 3.10 and above
    • More readable information exported from the database


    Thanks!
    Newton Gomes

    Cybersecurity Specialist/Consultant
    Newton Gomes ∴ | LinkedIn
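
The extraction flow described in this thread (join INCIDENT, POLICY and DATAOWNER, newest incident first, row cap, optional type filter, CSV output), as an added example; it is not the SYMDLPEXTRACTOR code. It runs against a constructed in-memory SQLite stand-in for the Oracle database, and every column name, the numeric severity codes and the `safe_cell` helper are assumptions; it also goes one step beyond the thread by prefixing cells that a spreadsheet would evaluate as formulas.

```python
import csv
import sqlite3

# Assumed numeric severity codes; check the real values in your DLP schema.
SEVERITY = {1: "HIGH", 2: "MEDIUM", 3: "LOW"}
# Hypothetical column names; only the three table names come from the thread.
QUERY = """
SELECT i.incident_id, i.created, i.severity, i.incident_type, p.name, o.email
FROM incident i
JOIN policy p ON p.policy_id = i.policy_id
LEFT JOIN dataowner o ON o.dataowner_id = i.dataowner_id
WHERE (:itype IS NULL OR i.incident_type = :itype)
ORDER BY i.created DESC
"""

def safe_cell(value):
    """Prefix text a spreadsheet would treat as a formula (helper is an assumption)."""
    text = "" if value is None else str(value)
    return "'" + text if text[:1] in ("=", "+", "-", "@") else text

def export_incidents(conn, out, max_rows=30000, incident_type=None, batch=500):
    """Stream joined incident rows to CSV in batches; return rows written."""
    cur = conn.cursor()
    cur.execute(QUERY, {"itype": incident_type})  # bind variable, no string concat
    writer = csv.writer(out)
    writer.writerow(["id", "created", "severity", "type", "policy", "owner"])
    written = 0
    while written < max_rows:
        rows = cur.fetchmany(min(batch, max_rows - written))
        if not rows:
            break
        for r in rows:
            writer.writerow([r[0], r[1], SEVERITY.get(r[2], "UNKNOWN")] + [safe_cell(c) for c in r[3:]])
        written += len(rows)
    return written

def demo_db():
    """Constructed sample data standing in for the DLP Oracle schema."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE policy(policy_id INTEGER PRIMARY KEY, name TEXT);
        CREATE TABLE dataowner(dataowner_id INTEGER PRIMARY KEY, email TEXT);
        CREATE TABLE incident(incident_id INTEGER PRIMARY KEY, created TEXT,
            severity INTEGER, incident_type TEXT, policy_id INTEGER, dataowner_id INTEGER);
        INSERT INTO policy VALUES (1, 'PCI'), (2, '=1+1');
        INSERT INTO dataowner VALUES (1, 'owner@example.com');
        INSERT INTO incident VALUES (10, '2023-05-01', 1, 'NETWORK', 1, 1),
            (11, '2023-05-03', 3, 'ENDPOINT', 2, NULL), (12, '2023-05-02', 2, 'NETWORK', 1, 1);
    """)
    return conn
```

Fetching in small batches and stopping at the cap keeps memory use flat and bounds how long the cursor stays open on the database, which is the load concern raised in the first post.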