Users with De-identification Enabled
Full administrators with De-identification enabled will continue to see identifiable information in the Data Loss Prevention Report.
- Navigate to Reporting > Additional Reports > Data Loss Prevention.
- Click Filters to add filtering options.
- Filter results by Block, Monitor, or both. By default, none are selected so both actions are displayed.
- Filter results by Identity Type.
- View results in the report table.
- Detected—The date and time of detection.
- Identity—The identity which made the request.
- File Name—The name of the file where a classification match was found. When content is found in a message or a post, the File name displays Content.
- Destination—The destination where the content was scanned.
- Data Classification—The number of matches and classification(s) for the content that was found.
- Action—Whether the content was monitored or blocked.
- Type—The type of file where the identifier was matched.
- Size—The file or post size.
- Click the action menu (three dots) to view further details of an event.
The event details displays some of the same content as the report table, with additional information:
- Destination URL—The URL of the destination for the event.
- Rule Triggered—The rule that triggered the event.
- Application—The application where the file was uploaded or posted.
- Classification—The classification that matched the content found in the event. Clicking the caret will display the excerpts where the matches were found.
- SHA256 Hash—The unique SHA256 hash for the file.
You can search the Data Loss Prevention Report by keyword to find specific events.
Alternatively, click Advanced in the search bar to bring up the advanced search. You can search for events by identity, destination (including applications), rule, data identifier, or the file hash. Click Apply to apply the filters to the report.
(Draft) Cloud Malware Report (March 2021) < Data Loss Prevention Report >
Updated about a month ago