DLP Incident Summary Page

The DLP Incidents (DLP Incident Summary) report page shows information on the incidents of data loss prevention (DLP) policy violations occurring in outgoing mail. The Email Security appliance uses the DLP email policies enabled in the Outgoing Mail Policies table to detect sensitive data sent by your users. Every occurrence of an outgoing message violating a DLP policy is reported as an incident.

Using the DLP Incident Summary report, you can answer these kinds of questions:

  • What type of sensitive data is being sent by your users?

  • How severe are these DLP incidents?

  • How many of these messages are being delivered?

  • How many of these messages are being dropped?

  • Who is sending these messages?

The DLP Incident Summary page contains two main sections:

  • The DLP incident trend graphs summarizing the top DLP incidents by severity (Low, Medium, High, Critical) and policy matches.

  • The DLP Incident Details listing.

To view the DLP Incident Summary report page on the Security Management appliance, select Email from the Product drop-down and choose Monitoring > DLP Incident Summary from the Reports drop-down. For more information, see Using the Interactive Report Pages.

From the DLP Incidents report page you can export raw data to a CSV file. For information on printing or exporting a file, see the Exporting Reporting and Tracking Data.

To search for specific information within your data, see Searching and the Interactive Email Report Pages.

The following list explains the various sections on the DLP Incident Summary report page:

Details on the DLP Incident Summary Page

Section

Description

Time Range (drop-down list)

A drop-down list with options for choosing a time range to view. For more information, see Choosing a Time Range for Reports.

View Data For (drop-down list)

Choose an Email Security appliance for which you want to view the data, or choose All Email Appliances.

See also Viewing Reporting Data for an Appliance or Reporting Group.

Top Incidents by Severity

The top DLP incidents listed by severity.

Incident Summary

The DLP policies currently enabled for each email appliance’s outgoing mail policies are listed in the DLP Incident Details interactive table at the bottom of the DLP Incident Summary page. Click the name of a DLP policy to view more detailed information.

Top DLP Policy Matches

The top DLP Policies that have been matched.

DLP Incident Details

The DLP Incidents Details table shows the total number of DLP incidents per policy, with a breakdown by severity level, and whether any of the messages are delivered in the clear, delivered encrypted, or dropped.

To view Message Tracking details for the messages that populate this report, click a blue number link in the table.