Reviewing Incident Details

By clicking the Edit icon in the Action column of the Incident Information screen, the Incident Details screen appears displaying detailed information about the incident. DLP incident reviewers can use this screen to update the incident status and provide comments on the incident.

Table 1. Incident Details

Item

Description

ID

Unique incident ID

Status

Use this to update the review status of the incident.

Available options:

  • New

  • Under Investigation

  • Escalated

  • Closed

Severity

Severity level of the incident

Note:

Once Apex Central receives and processes a DLP incident, Apex Central does not update the severity level if changes occur in the managed product.

Policy

Name of the Apex Central policy that triggered the incident

Note:

For incidents triggering DLP policies created in managed products, this appears as N/A.

Rule

Names of the rules from that triggered the incident

Received

Date and time when Apex Central received incident data

Note:

After receiving DLP logs from managed products, Apex Central needs 30 minutes to process the logs before incident reviewers can view the data.

Generated

Date and time the incident occurred in the managed product

User

Name of the user who triggered the incident

Manager

Name of the user's manager

Endpoint

Source host name

IP address

Source IP address

Sender

Source email address

Subject

Subject of the email message

Recipient

Destination email address

Destination

Intended destination of the file containing the digital asset or channel (if no source is available)

Last modified date

Date and time of the last modification to the asset

Last modified by

Name of the user who last modified the asset

Template

Names of the templates that triggered the incident

File

Name or link to the file that triggered the incident

Note:

The file is quarantined in the managed product.

SHA-1

Hash information of the file

Channel

Channel through which the transmission occurred

Action

Actions taken on the incident

User justification reason

User-defined reasons for allowing users to transfer sensitive data

Matching content

Digital assets that triggered the incident

Comments

User-defined notes about the incident