You can choose to send Safetica 10 alerts to your SIEM software. Each Safetica DLP log contains an alert type number and description of the violation.
Information in this article applies to Safetica 10 or older.
This feature is only available for Safetica Enterprise.
Integration with SIEM can be set up individually for each alert in the fourth step of alert configuration:
Below, you can see an example of a Safetica DLP log sent to SIEM:
Safetica@1 Id="92334" Type="103014" User="John Smith" Computer="PC101" Details="Unprotected sensitive data leaving the endpoint. Data categories: None. This alert was sent when a large volume of categorized data not protected by DLP policies had left the endpoint. Further data may have left after the alert was sent. (Rules: eMail)"
Logs can be categorized based on the Type number. The table below lists individual Type numbers and the corresponding alert names:
| Type number | Alert |
| 103012 | DLP policy violation |
| 103013 | Cumulative DLP policy violation |
| 103014 | Unprotected sensitive data leaving the endpoint |
| 103015 | Unprotected sensitive data leaving the endpoint to a specific destination |
| 101002 | Website access denied |
| 102001 | Application access denied |
| 104001 | Unknown device connected |
| 104002 | Device connection denied |
| 107001 | Safetica Client stopped unexpectedly |
| Type number | Alert |
| 200009 | Files moving or copying on USB disk |
| 200020 | Files uploaded to cloud |
| 200021 | Tagged files uploaded to cloud |
| 200022 | Tagged files sent via e-mail |
| 200001 | Time spent on web categories |
| 200002 | Received e-mails count |
| 200003 | Sent e-mails count |
| 200004 | Data downloaded |
| 200005 | Data uploaded |
| 200006 | Time spent on application categories |
| 200010 | Printed documents count |
| 200011 | Printed pages count |
| Type number | Alert |
| 106002 | Wrong password to Safetica inserted multiple times |
| 300001 | Database size is near the maintenance limit |
| 300002 | Categories update failed |
| 300003 | Unexpected termination of Safetica Management Service |
| 300008 | Insufficient space on drive for databases |
| 300005 | Scheduled task failed |
| 300006 | Incorrect license status |
| 300004 | Disk space of server data folder is running low |
| 300009 | Certificate alerts |
| 300010 | SMS threats |
| 300011 | FortiGate sync error |
Encoding of the alerts with special characters
We suggest setting up the UTF-8 encoding multibyte encoding in your SIEM if you have alerts with certain accent characters sent from Safetica. Another way would be to not use these characters.