By clicking the Edit icon in the Action column of the Incident Information screen, the Incident Details screen appears displaying detailed information about the incident. DLP incident reviewers can use this screen to update the incident status and provide comments on the incident.
Item |
Description |
---|---|
ID |
Unique incident ID |
Status |
Use this to update the review status of the incident. Available options:
|
Severity |
Severity level of the incident Note:
Once Apex Central receives and processes a DLP incident, Apex Central does not update the severity level if changes occur in the managed product. |
Policy |
Name of the Apex Central policy that triggered the incident Note:
For incidents triggering DLP policies created in managed products, this appears as N/A. |
Rule |
Names of the rules from that triggered the incident |
Received |
Date and time when Apex Central received incident data Note:
After receiving DLP logs from managed products, Apex Central needs 30 minutes to process the logs before incident reviewers can view the data. |
Generated |
Date and time the incident occurred in the managed product |
User |
Name of the user who triggered the incident |
Manager |
Name of the user's manager |
Endpoint |
Source host name |
IP address |
Source IP address |
Sender |
Source email address |
Subject |
Subject of the email message |
Recipient |
Destination email address |
Destination |
Intended destination of the file containing the digital asset or channel (if no source is available) |
Last modified date |
Date and time of the last modification to the asset |
Last modified by |
Name of the user who last modified the asset |
Template |
Names of the templates that triggered the incident |
File |
Name or link to the file that triggered the incident Note:
The file is quarantined in the managed product. |
SHA-1 |
Hash information of the file |
Channel |
Channel through which the transmission occurred |
Action |
Actions taken on the incident |
User justification reason |
User-defined reasons for allowing users to transfer sensitive data |
Matching content |
Digital assets that triggered the incident |
Comments |
User-defined notes about the incident |