DLP Incidents
The Email > Reporting > DLP Incidents (DLP Incident Summary) page shows information on the incidents of data loss prevention (DLP) policy violations occurring in outgoing mail. The Email Security appliance uses the DLP email policies enabled in the Outgoing Mail Policies table to detect sensitive data sent by your users. Every occurrence of an outgoing message violating a DLP policy is reported as an incident.
Using the DLP Incident Summary report, you can answer these kinds of questions:
- What type of sensitive data is being sent by your users?
- How severe are these DLP incidents?
- How many of these messages are being delivered?
- How many of these messages are being dropped?
- Who is sending these messages?
The DLP Incident Summary page contains two main sections:
- The DLP incident trend graphs, which summarize the top DLP incidents by severity (Low, Medium, High, Critical) and policy matches
- The DLP Incident Details listing
| Section | Description |
|---|---|
| Time Range (drop-down list) | A drop-down list that can range from a day to 90 days or a custom range. For more information on time ranges and customizing this for your needs, see Choosing a Time Range for Reports. |
| Top Incidents by Severity | The top DLP incidents listed by severity. |
| Incident Summary | The DLP policies currently enabled for each email appliance’s outgoing mail policies are listed in the DLP Incident Details interactive table at the bottom of the DLP Incident Summary page. Click the name of a DLP policy to view more detailed information. |
| Top DLP Policy Matches | The top DLP policies that have been matched. |
| DLP Incident Details | The DLP Incident Details table shows the total number of DLP incidents per policy, with a breakdown by severity level, and whether any of the messages were delivered in the clear, delivered encrypted, or dropped. For more information on the DLP Incidents Details table, see the DLP Incidents Details Table. |
Click the name of a DLP policy to view detailed information on the DLP incidents detected by the policy. You can use this method to get a list of users who sent mail that contained sensitive data detected by the policy.