Severity and Action for Risk-Adaptive Protection users

If you are using Risk-Adaptive Protection to determine actions according to the source’s risk level, select an action plan for each one of the risk levels (1-5). For each severity level in a rule, you can also configure a Dynamic User Protection Severity value that impacts the risk score calculation for a user in Forcepoint Dynamic User Protection. The following severity levels are available:

  • Level 1 -None : DLP incidents are not reported to Forcepoint Dynamic User Protection.
  • Level 2 - Low: DLP incidents are of low importance. The policy breach is minor.
  • Level 3 - Medium: DLP incidents are of medium importance. The policy breach is moderate.
  • Level 4 - High: DLP incidents are important and should be monitored. The policy breach is significant.
  • Level 5 - Critical: DLP incidents are very important and warrant immediate attention. The policy breach is severe.
The Action plan defines what action to take when a breach is detected. The following actions are listed in Action plan drop-down:
  • Audit Only: monitor and record (audit) incidents
  • Block All: block and audit incidents. In addition, if notifications are configured, generate notifications
  • Audit and Notify: monitor and record incidents. In addition, if notifications are configured, generate notifications.
  • Drop Email Attachments: remove email attachments that violate policy.
  • Audit without Forensics: monitor and record incidents without recording forensic data.
  • Block without Forensics: block and audit incidents without recording forensic data

If the severity value does not match the system default for the User-Risk Impact, a notification is displayed.

Dynamic User Protection Severity values can also be batch-configured. See the Updater rules of a current policy section.

For more information on the Forcepoint Dynamic User Protection treatment of Dynamic User Protection Severity, see the Dynamic User Protection Help document on the Forcepoint Support site.

Click the Add button ( ) to create a new action plan and add it to all risk-level action-plan lists. You can then select the new action plan for each risk level.

See the Risk-Adaptive Protection section, and the Analytics section.

Note: The Risk-Adaptive Protection section only affects users that were defined as risk-adaptive users (see the Custom user directory groups section and the Custom users section, on how to define such users.)