Reviewing Incident Details
By clicking the Edit icon in the Action column of the Incident Information screen, the Incident Details screen appears displaying detailed information about the incident. DLP incident reviewers can use this screen to update the incident status and provide comments on the incident.
Item |
Description |
|---|---|
ID |
Unique incident ID |
Status |
Use this to update the review status of the incident. Available options:
|
Severity |
Severity level of the incident Note:
Once Control Manager receives and processes a DLP incident, Control Manager does not update the severity level if changes occur in the managed product. |
Policy |
Name of the Control Manager policy that triggered the incident Note:
For incidents triggering DLP policies created in managed products, this appears as N/A. |
Rule |
Names of the rules from that triggered the incident |
Received |
Date and time when Control Manager received incident data Note:
After receiving DLP logs from managed products, Control Manager needs 30 minutes to process the logs before incident reviewers can view the data. |
Generated |
Date and time the incident occurred in the managed product |
User |
Name of the user who triggered the incident |
Manager |
Name of the user's manager |
Sender |
Source email address |
Recipient |
Destination email address |
Endpoint |
Source host name |
IP |
Source IP address |
Template |
Names of the templates that triggered the incident |
Matching content |
Digital assets that triggered the incident |
File |
Name or link to the file that triggered the incident Note:
The file is quarantined in the managed product. |
SHA-1 |
Hash information of the file |
Subject |
Subject of the email message |
Channel |
Channel through which the transmission occurred |
Action |
Actions taken on the incident |
|
User Justification Reason |
The reasons provided by the agent users when administrators allow users to transfer sensitive data |
|
Comments |
User-defined notes about the incident |
