Alert Management Guiding Principles

Follow our best practices for Alert Management and Remediation

Sensitive data cannot live in any of these applications and must be remediated
As a best practice, any alerts that contain real, sensitive data should be remediated as soon as possible. This will minimize your security risk and will help set the tone for your DLP strategy moving forward.
No action is needed on sample data, test data, or data used in instructions or guides ("expected data")
To lessen the load of which alerts need to be remediated, a best practice is to not take action on sample data or test data. Remediation should only be a focus for sensitive data that is found through the alerts. 
Acknowledge an alert, when reviewed, to avoid duplication of efforts
If you already are reviewing an alert, it should be acknowledged to avoid duplicate efforts.
​

Operationalizing DLP - Previous

Running Historical Scans

Next - Operationalizing DLP

The Nightfall Dashboard

Last modified 1yr ago