Websense DLP (now Forcepoint DLP Endpoint) is a comprehensive, secure, and easy-to-use endpoint data loss prevention solution. It monitors real-time traffic and applies customized security policies over application and storage interfaces, as well as for data discovery. This solution allows security administrators to either block or monitor and log files that present a policy breach, and to create policies that don't restrict device usage, but allow full visibility of content traffic. Administrators can monitor user activity inside endpoint applications, endpoint web activities, Microsoft Outlook email, and when users are copying data to external drives and endpoint devices. In the Common Information Model,Websense DLP data can is mapped to the Alerts data model.
Before looking at documentation for specific data sources, review the Splunk Docs information on general data ingestion:
Getting data in
|Source||Add-ons and Apps||Guidance|
Splunk platformSplunk Add-on for Websense DLP
About the Splunk Add-on for Websense DLP