Data Loss Prevention (DLP) Incidents
Table of Contents
The incident Summary provides the following details:
Object Type—the type of document or file that triggered the incident.
Name—the name of the document.
Asset Size—the size of the file.
Platform—which platform the incident occurred in.
Owner—the user name of the owner of the file.
Reason—what caused the incident (e.g. matching criteria in a context policy) and the date and time stamp of the occurrence.
Policy—which policy the file triggered an incident for.
Status—the current status of the incident.
Severity—the severity of the incident as chosen in policy criteria.
Access Control allows you to see who has access to the file that triggered the incident. The Sharing Settings display the owner of the file and any exposures the file may have. A list of collaborators and their access level is also provided.
The Incident History provides a list of events that affected the incident, such as a response action workflow or revoking access to a file.
Incident Notes enables collaborating users to add any notes regarding the incident for auditing or review purposes.
Custom Regex and Predefined policy incidents have the same Summary details as context policies:
Object Type—the type of document or file that triggered the incident.
Name—the name of the document.
Asset Size—the size of the file.
Platform—which platform the incident occurred in.
Owner—the user name of the owner of the file.
Policy—which policy the file triggered an incident for.
Status—the current status of the incident.
Severity—the severity of the incident as chosen in policy criteria.
However, instead of a Reason field, this summary provides a list of matches where the regular expression was found in the document.
Access Control will provide any possible exposures and the file owner.
Incident History displays a list of events affecting the incident such as response action workflow or viewing the object.
Updated about 2 years ago