Forward Syslogs for Enterprise DLP Incidents

Configure one or more Log Forwarding profiles to forward Enterprise Data Loss Prevention (E-DLP) incident syslogs so that you can create and manage incident workflows.
Security Operations Center (SOC) analysts and incident administrators require streamlined, automated workflows to effectively triage, review, and resolve data security risks. Enterprise Data Loss Prevention (E-DLP) now supports syslog forwarding, which lets your data security administrators integrate Enterprise DLP incidents into the automated incident workflows of your established security operations platforms. Your data security administrator can create a Log Forwarding profile to automatically forward DLP incident syslogs to your third-party security information and event management (SIEM) system, security orchestration, automation, and response (SOAR) platform, or other automated ticketing system.
Enterprise DLP syslog forwarding provides substantial flexibility for large organizations. Your data security administrators can configure a single Log Forwarding profile for multiple enforcement points or, conversely, create a different Log Forwarding profile for each channel. They can also associate the same enforcement channel with multiple Log Forwarding profiles.
Enterprise DLP forwards DLP incident syslogs over a UDP or TCP port and requires a persistent connection to the receiving endpoint (SIEM, SOAR, or ticketing system). While Enterprise DLP automatically continues forwarding incident syslogs after connectivity is restored, the system cannot forward any syslogs that were generated during the period of disconnection. This integration into established systems allows teams to quickly incorporate data security risks into their operational cadence.