Folding, chaining and grouping incidents
Grouping incidents is an effective way to summarize data and overcome the deluge of incidents. In principle, an incident group is a collection of incidents that can be meaningfully
described. Forcepoint DLP defines four basic types of groups:
- Basic cases and folding
- Incident chains and processes
- Superfluous incidents
- Behavioral baselines and anomalies