Alerts
The Alerts tab displays detailed information on alerts recorded in the organization. For each alert the severity, reporting time, rule name, category, user, reporting products, and other details are displayed in a tabular view.
Note: The Alerts tab displays detailed information on alerts recorded in the organization. For each alert the severity, reporting time, rule name, category, user, reporting
products, and other details are displayed in a tabular view. Alerts are retained for 90 days.
Filtering capability allows for filtering based on specific columns in the Alerts tab. Filtering is supported on following columns: Severity, Reported time (UTC), Activity, Action, Category, Channel, Classification, User, Reporting product, and Destination.
- 1
- Alert id: A unique identifier for each alert.
- 2
- Event id: A unique identifier for the DLP event that triggered the alert.
- 3
- Severity: Indicates the alert severity.
- 6
- Reported time (UTC): Indicates the UTC reporting time for a specific alert.
- 7
- Activity: Description of the user activity that raised the alarm.
- 8
- Action: The action that was taken by the system. For example, Allow or Block.
- 9
- Category: Indicates the category of data breach. For DLP Alerts the category is equivalent to the matched DLP Policy name.
- 4
- Policy: The name of the policy that was matched. If more than one policy matches, the number of additional policies is displayed, and users can click it to view the additional policy names.
- 5
- Maximum matches: The maximum number of violations triggered by any given rule in the Incident.
- 20
- Transaction size:
- 10
- Channel: Indicates the channel used by the specific user activity that led to the alerts.
- 11
- Classification: The type of policy matched. For example: PCI/PII.
- 12
- User: User performing the activity that generated the alert.
- 13
- Reporting product: The product that was used to monitor and report the user activity. DLP indicates it is primarily an alert originating from the configured Data Protection Policy, while Neo indicates it is an alert originating from either the configured Device Control or User Activity Monitoring rules.
- 14
- Destination: The targets of the data that triggered the alert. For example, email addresses to whom the content was sent by email.
- 15
- Reporting time (Local): Indicates the local reporting time for a specific alert.
- 16
- Column selector: Used to configure which columns to display in the table.
- 17
- Search: Allows you to find a specific user by their name.
- 18
- Download Agent: Download the latest agent version.
- 19
- Export to CSV: Allows you to export the alert details to a CSV file.