Views:

Configure the following event notification to notify administrators when a significant increase in DLP incidents by user occurred over a predefined period.

  1. Go to Detections > Notifications > Event Notifications.

    The Event Notifications screen appears.

  2. Click Data Loss Prevention.

    A list of events appears.

  3. In the Event column, click Significant incident increase by user.

    The Significant Incident Increase by User screen appears.

  4. Specify the following notification settings.

    Settings

    Description

    Hourly

    Specify the number of hourly incidents.

    Daily

    Specify the number of daily incidents.

  5. Select recipients for the notification.
    1. From the Available Users and Groups list, select contact groups or user accounts.
    2. Click >.

      The selected contact groups or user accounts appear in the Selected Users and Groups list.

  6. Enable one or more of the following notification methods.

    Method

    Description

    Email message

    To customize the email notification template, use supported token variables or modify the text in the Subject and Message fields.

    For more information, see Standard Token Variables and Data Loss Prevention Token Variables.

  7. To test if recipients can receive the event notification, click Test.
  8. Click Save.