icon-unified.svg
Experience Center

Email DLP Data Types and Filters

There are two ways you can use Email Data Loss Prevention (DLP) data types and filters to define the Email DLP activities information that you want to view: in a dashboard or report widget, or when analyzing charts on an Insights page. To learn more about how to analyze your Insights traffic, see Analyzing Traffic Using Insights.

When you add or edit a widget in a dashboard or report and select Email DLP in the Widget Settings dialog, you select a data type to view from the Data Type menu and apply filters that you choose from the Add Filter menu.

On the Logs > Insights > Email DLP Insights page, you select a data type to view from the menu above the chart and apply filters that you choose from the Add Filter menu on the left pane.

The user and department filters list 200 results at a time. They provide search fields in which you can type a few characters and the results narrow to match your input until you find what you want.

Data Types and Filters

Certain filters, like Users, Departments, and others, support the selection of multiple values. For these, you can select up to 200 values in a single filter. You can also choose to include or exclude the selected values.

Certain data types only appear on the Email DLP Insights page and not on the dashboard New Widget window. The following are the Email DLP data types and their associated filters that appear on both pages:

  • Displays Email DLP data associated with the actions taken. You can apply the following filters:

    • Action Taken: Use this filter to limit the data to activities associated with a specific action taken.
      • Allow
      • Block
      • Custom Header Insertion
    • Application: Use this filter to limit the data to activities of a specific application.
    • Department: Use this filter to limit the data to the activities of a specific department.
    • Tenant: Use this filter to limit the data to the activities of a specific tenant.
    • User: Use this filter to limit the data to the Email DLP data of specific users. It lists 200 results at a time. This filter cannot be used in a trend chart.
    Close

  • Displays Email DLP data associated with departments. You can apply the following filters:

    • Application: Use this filter to limit the data to activities of a specific application.
    • Department: Use this filter to limit the data to the activities of a specific department.
    • DLP Engine: Use this filter to view the activities in which data leakage was detected. The default option for this filter is Any. You can search for specific DLP engines.
    • Document Type: Use this filter to limit the data to traffic associated with a specific uploaded or downloaded document type. The following types appear under this filter:
      • Corporate Finance
      • Corporate Legal
      • Court Form
      • DMV
      • Immigration
      • Insurance
      • Invoice
      • Legal
      • Medical Information
      • None
      • Real Estate
      • Resume
      • Tax
      • Technical
      • Unknown
    • Record Type: Use this filter to limit the email activities associated with a specific record type. The following record types appear under this filter:
      • DLP Incident
      • Scan
      • Severity
    • Rule Name: Use this filter to limit the data to activities associated with specific rules in the Email DLP policy. Choose the rules from the list.
    • Severity: Use this filter to limit the data to activities associated with a specific rule severity.
      • High
      • Information
      • Low
      • Medium
    • Tenant: Use this filter to limit the data to the activities of a specific tenant.
    • User: Use this filter to limit the data to the Email DLP data of specific users. It lists 200 results at a time. This filter cannot be used in a trend chart.
    Close

  • Displays Email DLP data associated with DLP engines. You can apply the following filters:

    • Application: Use this filter to limit the data to activities of a specific application.
    • Department: Use this filter to limit the data to the activities of a specific department.
    • DLP Engine: Use this filter to view activities in which data leakage was detected. The default option for this filter is Any. You can search for specific DLP engines.
    • Record Type: Use this filter to limit the email activities associated with a specific record type. The following record types appear under this filter:
      • DLP Incident
      • Scan
      • Severity
    • Tenant: Use this filter to limit the data to the activities of a specific tenant.
    • User: Use this filter to limit the data to the Email DLP data of specific users. It lists 200 results at a time. This filter cannot be used in a trend chart.
    Close

  • Displays Email DLP data associated with document type. This data type cannot be used with a trend chart. You can apply the following filters:

    • Application: Use this filter to limit the data to activities of a specific application.
    • Department: Use this filter to limit the data to the activities of a specific department.
    • Document Type: Use this filter to limit the data to traffic associated with a specific uploaded or downloaded document type. The following types appear under this filter:
      • Corporate Finance
      • Corporate Legal
      • Court Form
      • Immigration
      • Insurance
      • Invoice
      • Legal
      • Medical Information
      • Real Estate
      • Resume
      • Tax
      • Technical
      • Transportation and Motor Department
      • Unknown
    • Record Type: Use this filter to limit the email activities associated with a specific record type. The following record types appear under this filter:
      • DLP Incident
      • Scan
      • Severity
    • Tenant: Use this filter to limit the data to the activities of a specific tenant.
    • User: Use this filter to limit the data to the Email DLP data of specific users. It lists 200 results at a time. This filter cannot be used in a trend chart.
    Close

  • Displays Email DLP data associated with overall traffic. You can apply the following filters:

    • Action Taken: Use this filter to limit the data to activities associated with a specific action taken.
      • Allow
      • Block
      • Custom Header Insertion
    • Application: Use this filter to limit the data to activities of a specific application.
    • Department: Use this filter to limit the data to the activities of a specific department.
    • DLP Engine: Use this filter to view activities in which data leakage was detected. The default option for this filter is Any. You can search for specific DLP engines.
    • Document Type: Use this filter to limit the data to traffic associated with a specific uploaded or downloaded document type. The following types appear under this filter:
      • Corporate Finance
      • Corporate Legal
      • Court Form
      • Immigration
      • Insurance
      • Invoice
      • Legal
      • Medical Information
      • Real Estate
      • Resume
      • Tax
      • Technical
      • Transportation and Motor Department
      • Unknown
    • Record Type: Use this filter to limit the email activities associated with a specific record type. The following record types appear under this filter:
      • DLP Incident
      • Scan
      • Severity
    • Rule Name: Use this filter to limit the data to activities associated with specific rules in the Email DLP policy. Choose the rules from the list.
    • Severity: Use this filter to limit the data to activities associated with a specific rule severity.
      • High
      • Information
      • Low
      • Medium
    • Tenant: Use this filter to limit the data to the activities of a specific tenant.
    • User: Use this filter to limit the data to the Email DLP data of specific users. It lists 200 results at a time. This filter cannot be used in a trend chart.
    Close

  • Displays Email DLP data associated with rule names. You can apply the following filters:

    • Application: Use this filter to limit the data to activities of a specific application.
    • Department: Use this filter to limit the data to the activities of a specific department.
    • Rule Name: Use this filter to limit the data to activities associated with specific rules in the Email DLP policy. Choose the rules from the list.
    • Tenant: Use this filter to limit the data to the activities of a specific tenant.
    • User: Use this filter to limit the data to the Email DLP data of specific users. It lists 200 results at a time. This filter cannot be used in a trend chart.
    Close

  • Displays Email DLP data associated with the severity. You can apply the following filters:

    • Action Taken: Use this filter to limit the data to activities associated with a specific action taken.
      • Allow
      • Block
      • Custom Header Insertion
    • Application: Use this filter to limit the data to activities of a specific application.
    • Department: Use this filter to limit the data to the activities of a specific department.
    • Severity: Use this filter to limit the data to activities associated with a specific rule severity.
      • High
      • Information
      • Low
      • Medium
    • Tenant: Use this filter to limit the data to activities of a specific tenant.
    • User: Use this filter to limit the data to the Email DLP data of specific users. It lists 200 results at a time. This filter cannot be used in a trend chart.
    Close

  • Displays Email DLP data associated with the tenant. You can apply the following filters:

    • Application: Use this filter to limit the data to activities of a specific application.
    • Department: Use this filter to limit the data to the activities of a specific department.
    • DLP Engine: Use this filter to view activities in which data leakage was detected. The default option for this filter is Any. You can search for specific DLP engines.
    • Document Type: Use this filter to limit the data to traffic associated with a specific uploaded or downloaded document type. The following types appear under this filter:
      • Corporate Finance
      • Corporate Legal
      • Court Form
      • Immigration
      • Insurance
      • Invoice
      • Legal
      • Medical Information
      • Real Estate
      • Resume
      • Tax
      • Technical
      • Transportation and Motor Department
      • Unknown
    • Record Type: Use this filter to limit the email activities associated with a specific record type. The following record types appear under this filter:
      • DLP Incident
      • Scan
      • Severity
    • Rule Name: Use this filter to limit the data to activities associated with specific rules in the Email DLP policy. Choose the rules from the list.
    • Severity: Use this filter to limit the data to activities associated with a specific rule severity.
      • High
      • Information
      • Low
      • Medium
    • Tenant: Use this filter to limit the data to activities of a specific tenant.
    • User: Use this filter to limit the data to the Email DLP data of specific users. It lists 200 results at a time. This filter cannot be used in a trend chart.
    Close

  • Displays Email DLP data associated with users. The trend chart does not support this data type. You can apply the following filters:

    • Application: Use this filter to limit the data to activities of a specific application.
    • Department: Use this filter to limit the data to the activities of a specific department.
    • DLP Engine: Use this filter to view activities in which data leakage was detected. The default option for this filter is Any. You can search for specific DLP engines.
    • Record Type: Use this filter to limit the email activities associated with a specific record type. The following record types appear under this filter:
      • DLP Incident
      • Scan
      • Severity
    • Rule Name: Use this filter to limit the data to activities associated with specific rules in the Email DLP policy. Choose the rules from the list.
    • Severity: Use this filter to limit the data to activities associated with a specific rule severity.
      • High
      • Information
      • Low
      • Medium
    • Tenant: Use this filter to limit the data to activities of a specific tenant.
    • User: Use this filter to limit the data to the Email DLP data of specific users. It lists 200 results at a time. This filter cannot be used in a trend chart.
    Close
Related Articles
About DashboardsAbout WidgetsAdding Notes to Dashboards and Interactive ReportsWeb Data Types and FiltersMobile Data Types and FiltersFirewall Data Types and FiltersDNS Data Types and FiltersTunnel Data Types and FiltersEndpoint DLP Data Types and FiltersEmail DLP Data Types and FiltersExtranet Data Types and Filters