Fortra DLP
Visualize Fortra Digital Guardian DLP watchlists, user groups, host groups, incidents, and monitor data loss prevention events through queries and alerts.
Installation
Prerequisites in Fortra Digital Guardian
You will need the following parameters from your Digital Guardian Analytics & Reporting Cloud (ARC) account:
- Access Gateway URL: The base URL for API requests
  - Example: https://accessgw-usw.msp.digitalguardian.com
- Authorization Server URL: The OAuth2 token endpoint URL
  - Example: https://authsrv.msp.digitalguardian.com
- Client ID: Your API Client ID (Tenant ID)
- Client Secret: Your API Secret (Authentication Token)
Obtaining API Credentials
- Log in to the Digital Guardian Management Console (DGMC).
- Navigate to ARC Tenant Settings.
- Copy and save the following values:
  - Tenant ID - This is your Client ID
  - Authentication Token - This is your Client Secret
- From the DGMC, also copy:
  - Access Gateway Base URL
  - Authorization Server URL
Export Profiles (Optional)
To ingest DLP incidents, you need to configure Export Profiles in Digital Guardian:
- In DGMC, navigate to Admin > Reports > Export Profiles.
- Create or identify the export profile(s) you want to use.
- Copy the Export Profile ID (UUID) for each profile.
For more information about the Digital Guardian External API, refer to the Digital Guardian ARC documentation.
Configuration in JupiterOne
To install the Fortra DLP integration in JupiterOne, navigate to the Integrations tab in JupiterOne and select Fortra DLP. Click New Instance to begin configuring your integration.
Creating an instance requires the following:
- The Account Name used to identify the Fortra DLP account in JupiterOne. Ingested entities will have this value stored in `tag.AccountName` when the `AccountName` toggle is enabled.
- Description to assist in identifying the integration instance, if desired.
- Polling Interval that you feel is sufficient for your monitoring needs. You may leave this as `DISABLED` and manually execute the integration.
- Your Digital Guardian Access Gateway URL - The base URL for API requests.
- Your Digital Guardian Authorization Server URL - The OAuth2 token endpoint.
- Your Digital Guardian Client ID and Client Secret for OAuth2 authentication.
- (Optional) Export Profile IDs - Comma-separated list of Export Profile UUIDs to fetch incidents from.
Click Create once all values are provided to finalize the integration.
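A pre-flight check for the values listed above, as an added example that is not part of the JupiterOne integration or of this page's original content. The keys `clientId`, `clientSecret` and `exportProfileIds` are assumed names for the form fields, the canonical-UUID requirement is an assumption, and the sample values are constructed.

```python
import uuid
from urllib.parse import urlsplit

def check_url(name, value):
    """Return problems for one endpoint URL: https only, host present, no userinfo."""
    try:
        p = urlsplit(value or "")
    except ValueError:
        return [f"{name}: not a valid URL"]
    checks = [(p.scheme == "https", "must use https"),
              (bool(p.hostname), "missing host"),
              (not (p.username or p.password), "must not embed credentials")]
    return [f"{name}: {msg}" for ok, msg in checks if not ok]

def parse_export_profile_ids(raw):
    """Split the comma-separated field into (valid_ids, rejected_tokens)."""
    valid, rejected = [], []
    for token in filter(None, (t.strip() for t in (raw or "").split(","))):
        try:
            ok = str(uuid.UUID(token)) == token.lower()  # canonical form only
        except ValueError:
            ok = False
        if not ok:
            rejected.append(token)
        elif token.lower() not in valid:  # drop duplicates, keep order
            valid.append(token.lower())
    return valid, rejected

def validate_config(cfg):
    """Return (export_profile_ids, problems) for one instance configuration."""
    problems = []
    for key in ("accessGatewayUrl", "authorizationServerUrl"):
        problems += check_url(key, cfg.get(key))
    for key in ("clientId", "clientSecret"):  # assumed field names
        value = cfg.get(key) or ""
        if not value.strip():
            problems.append(f"{key}: required")
        elif value != value.strip():  # common copy-and-paste damage
            problems.append(f"{key}: leading or trailing whitespace")
    ids, rejected = parse_export_profile_ids(cfg.get("exportProfileIds"))
    problems += [f"exportProfileIds: not a UUID: {t!r}" for t in rejected]
    return ids, problems

SAMPLE = {  # constructed values with three deliberate mistakes
    "accessGatewayUrl": "https://accessgw-usw.msp.digitalguardian.com",
    "authorizationServerUrl": "http://authsrv.msp.digitalguardian.com",
    "clientId": "constructed-tenant-id",
    "clientSecret": "constructed-secret\n",
    "exportProfileIds": "123e4567-e89b-12d3-a456-426614174000, not-a-uuid,",
}
```

Calling `validate_config(SAMPLE)` returns the one usable Export Profile ID together with three problems: the plain-HTTP authorization server URL, the trailing newline on the secret, and the malformed ID.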
Next steps
Now that your integration instance has been configured, it will begin running on the polling interval you provided, populating data within JupiterOne. Continue on to our Instance management guide to learn more about working with and editing integration instances.
Entities
The following entities are created:
| Resources | Entity _type | Entity _class |
|---|---|---|
| Account | fortra_dlp_account | Account |
| Export Profile | fortra_dlp_export_profile | Configuration |
| Host Group | fortra_dlp_host_group | Group |
| Incident | fortra_dlp_incident | Incident |
| Service | fortra_dlp_service | Service |
| User Group | fortra_dlp_user_group | UserGroup |
| Watchlist | fortra_dlp_watchlist | Rule |
Relationships
The following relationships are created:
| Source Entity _type | Relationship _class | Target Entity _type |
|---|---|---|
| fortra_dlp_account | HAS | fortra_dlp_service |
| fortra_dlp_account | HAS | fortra_dlp_watchlist |
| fortra_dlp_account | HAS | fortra_dlp_user_group |
| fortra_dlp_account | HAS | fortra_dlp_host_group |
| fortra_dlp_account | HAS | fortra_dlp_export_profile |
| fortra_dlp_export_profile | GENERATED | fortra_dlp_incident |
| fortra_dlp_service | IDENTIFIED | fortra_dlp_incident |
Fortra Dlp Account
fortra_dlp_account inherits from Account
| Property | Type | Description | Specifications |
|---|---|---|---|
| accessGatewayUrl | string | | |
| authorizationServerUrl | string | | |
Fortra Dlp Export Profile
fortra_dlp_export_profile inherits from Configuration
| Property | Type | Description | Specifications |
|---|---|---|---|
| fieldCount | number | | |
| totalHits | number | | |
Fortra Dlp Host Group
fortra_dlp_host_group inherits from Group
| Property | Type | Description | Specifications |
|---|---|---|---|
| isReadOnly | boolean | | |
| memberCount | number | | |
Fortra Dlp Incident
fortra_dlp_incident inherits from Incident
| Property | Type | Description | Specifications |
|---|---|---|---|
| agentVersion | string | | |
| alarmName | string | | |
| assignee | string | | |
| eventTime | number | | |
| eventType | string | | |
| guid | string | | |
| machineId | string | | |
| machineName | string | | |
| machineType | number | | |
| machineTypeName | string | | |
| numericSeverity | number | | |
| processedTime | number | | |
| state | string | | |
| userName | string | | |
Fortra Dlp Service
fortra_dlp_service inherits from Service
Fortra Dlp User Group
fortra_dlp_user_group inherits from UserGroup
| Property | Type | Description | Specifications |
|---|---|---|---|
| isDynamic | boolean | | |
| isReadOnly | boolean | | |
| memberCount | number | | |
Fortra Dlp Watchlist
fortra_dlp_watchlist inherits from Rule
| Property | Type | Description | Specifications |
|---|---|---|---|
| authorId | string | | |
| grouping | string | | |
| isDeleted | boolean | | |
| permRead | string | | |
| permWrite | string | | |
| scope | string | | |
| tenantId | string | | |
| version | number | | |
| versionAuthor | string | | |
| watchlistType | string | | |