What are discovery and DLP incidents?

  • A discovery incident is created when content that matches one or more rules in a discovery policy is found.
  • A DLP incident is created when content that matches one or more rules in a DLP policy is found.
When remediation scripts are used, each incident results in an XML file that contains the incident details. Details include:
  • Information about the rule or rules that were matched
  • Other metadata, such as the file permissions, source and destination, the policy engine name, and so on

    The available metadata varies based on the type of incident.

The full path to the XML file is used as the first command-line parameter passed to the remediation script.
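
The following remediation script skeleton is an added example, not code from the product or its documentation. It takes the incident XML path from the first command-line parameter and flattens the file without depending on a schema. The element and attribute names in `SAMPLE`, the script name `remediate.py`, and the `MAX_BYTES` limit are assumptions made for illustration.

```python
import sys
import xml.etree.ElementTree as ET

MAX_BYTES = 5 * 1024 * 1024  # assumed ceiling for one incident file

# Constructed sample; the element and attribute names are hypothetical.
SAMPLE = b"""<incident id="42">
  <rule>Credit card numbers</rule>
  <rule>Source code</rule>
  <source>/srv/share/report.xlsx</source>
</incident>"""


def parse_incident(raw):
    """Flatten incident XML into {tag or tag@attr: [values]}."""
    if len(raw) > MAX_BYTES:
        raise ValueError("incident file larger than expected")
    # Fields such as source and destination derive from scanned data, so
    # treat the XML as untrusted: refuse DTDs and entity declarations.
    if b"<!DOCTYPE" in raw or b"<!ENTITY" in raw:
        raise ValueError("DTD or entity declaration in incident XML")
    fields = {}
    for elem in ET.fromstring(raw).iter():
        text = (elem.text or "").strip()
        if text:
            fields.setdefault(elem.tag, []).append(text)
        for name, value in elem.attrib.items():
            fields.setdefault(f"{elem.tag}@{name}", []).append(value)
    return fields


def main(argv):
    # argv[1] is the full path to the incident XML file.
    if len(argv) < 2:
        print("usage: remediate.py <incident.xml>", file=sys.stderr)
        return 2
    try:
        with open(argv[1], "rb") as handle:
            fields = parse_incident(handle.read(MAX_BYTES + 1))
    except (OSError, ValueError, ET.ParseError) as exc:
        print(f"rejected incident file: {exc}", file=sys.stderr)
        return 1
    for key in sorted(fields):
        print(f"{key}: {fields[key]}")
    return 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Because the available metadata varies by incident type, the script collects whatever elements are present instead of requiring specific fields.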