The Endpoint DLP Report: Incidents page gives visibility and insight into your organization's Endpoint Data Loss Prevention (DLP) traffic for all the incidents.

About the Endpoint DLP Report: Incidents Page

On the Endpoint DLP Report: Incidents page (Analytics > Internet & SaaS > Analytics > Endpoint DLP Reports > Incidents), you can do the following:

1. Filter the report for the last 7 days, 15 days, or month.
2. Analyze More: Further analyze the incidents in a detailed view.
   • Detailed View

     The detailed view is divided into 3 columns; Channel, Content Type (DLP Dictionaries, DLP Engines, or ML Categories), and Users. To drill down for specific data:

     1. Select the time period for which you want to see the data. You can select for the last 7 days, 15 days, or last month.

     2. Filter the data for specific action taken, severity, or content type. You can choose to show or hide filters from the top right of the page.

        The Channel column populates the data determined by your selections. Each channel tile shows the number of incidents generated by them and their percentage contribution to the total incidents generated by the channel.

     3. Select the channel for which you want to view the data.

        The Content Type (DLP Dictionaries, DLP Engines, or ML Categories) column is updated for the selected channel. Each content type tile shows the number of incidents discovered by them and their percentage contribution to the total incidents discovered by the content type.

     4. Select the content type for which you want to further drill down the data.

        The User column is updated for the selected content type. Each user tile shows the number of incidents by the user and the percentage contribution to the total incidents generated by all the users.

        Additionally, you can click the Download icon () to export any column data to a comma-separated value (CSV) file. When you select an item in a column, the option to export as a CSV file is no longer available for that column.

     See image.

     

     Close

     Close
3. Incidents by Severity: View incidents for each severity. Hover over a date to view the number of incidents for each severity for that date. You can choose to view the graph for specific severities from the bottom of the graph. By default, all severities are selected.
4. Incidents by Action: View incidents for each action. Hover over a date to view the number of incidents for each action for that date. You can choose to view the graph for specific actions from the bottom of the graph. By default, all actions are selected.
5. Top Users: View the top users generating the incidents. The number of users displayed in this section depends on the number of incidents generated by the users. You can see the total number of incidents generated by each user. Hover over the severity bars to view the number of incidents generated for each severity by the users. You can choose to view the graph for specific severity from the bottom of the graph. By default, all severities are selected.
6. Incidents by Channels: View incidents by channels. You can see the total number of incidents for each channel. Hover over the action bars to view the number of incidents by each action. You can choose to view the graph for specific action from the bottom of the graph. By default, all actions are selected.
7. Go to the Overview page.