Incident XML interface for use in remediation scripts
Forcepoint DLP creates an XML file every time an incident is generated. The XML file contains incident details that can be used in remediation scripts, such as the nature of the violation and the content itself.
At run time, your script receives the path to the XML file as an input. Your script can parse this XML file and perform addition actions based on the incident details, such as logging to an external system or custom analysis.
The XML Schema Definition (XSD) for this file is shown below:
In this schema:
| Element | Description |
|---|---|
| analysisDetails | Root element. |
| transactionID | The internal transaction ID (unique ID that the system generates for every analyzed transaction). |
| action | The action taken (for example, permit or deny). |
| actionDetails | The action taken per destination. |
| violations | The detected violations, including the policy name and content. |
| name | Descriptive policy name |
| detectedValues | The matched sensitive content and its location (for example, email body or file attachment). |