Data Loss Prevention Token Variables

Variable

Description

DLP variables: Used by scheduled incident summary and incident details updated events

%DLP_INCIDENT_TOTAL_NUM%

The total number of incidents triggered by directly managed users

%DLP_INCIDENT_HIGH_NUM%

The total number of high severity incidents triggered by directly managed users

%DLP_INCIDENT_MED_NUM%

The total number of medium severity incidents triggered by directly managed users

%DLP_INCIDENT_LOW_NUM%

The total number of low severity incidents triggered by directly managed users

%DLP_INCIDENT_INFO_NUM%

The total number of informational incidents triggered by directly managed users

%DLP_INCIDENT_UNDEFINED_NUM%

The total number of undefined severity incidents triggered by directly managed users

%DLP_INCIDENT_ALLTOTAL_NUM%

The total number of incidents triggered by all managed users

%DLP_INCIDENT_ALLHIGH_NUM%

The total number of high severity incidents triggered by all managed users

%DLP_INCIDENT_ALLMED_NUM%

The total number of medium severity incidents triggered by all managed users

%DLP_INCIDENT_ALLLOW_NUM%

The total number of low severity incidents triggered by all managed users

%DLP_INCIDENT_ALLINFO_NUM%

The total number of informational incidents triggered by all managed users

%DLP_INCIDENT_ALLUNDEFINED_NUM%

The total number of undefined severity incidents triggered by all managed users

%DLP_START_TIME%

The start date and time for the reporting period

%DLP_END_TIME%

The end date and time for the reporting period

%weblink%

The link to view details of the incident information listed in the notification message

%INCIDENTID%

Incident ID number

%SEVERITY%

Incident severity level

%POLICY%

Control Manager policy name

Note:

For incidents triggering DLP policies created on the managed product console, the Control Manager policy name appears as N/A.

%ACCOUNT%

User name

%OLD_STATUS%

Incident status before modification

%NEW_STATUS%

Incident status after modification

%LATEST_COMMENT%

The latest comments about the incident

%DLP_VIOLATION_NUM%

The number of violations matching DLP policies

%DLP_THRESHOLD%

The number of violations that must be triggered to indicate a significant increase on policy violations

%DLP_TEMPLATE%

Template matching the significant incident increase

%DLP_USER_NAME%

The user name associated with the endpoint that triggered the DLP policy violation

%DLP_SENDER%

The sender of the message that triggered the DLP policy violation

%DLP_CHANNEL%

The channel of the incident that triggered the DLP policy violation

%STATUS_CHANGE_TIME%

Incident details updated