Violations

In this section, you can display violation triggers or violated rules.

  • Violated rules displays which rules were violated by the incident. Click the information icon to view more details, such as the policy and action plan for the rule. Only the first 500 rules or 500 MB for the incident are displayed.
  • Violation triggers displays the precise values that triggered the violation and how many of those triggers were found. Click the numeric link to view details about the trigger. Only the first 500 triggers or 500 MB for the incident are displayed.
Note: If there are more than 500 violation rules or triggers, go to the Forensics tab. There you can see the complete transaction, including violations.
  1. Click Tune Policy to update your policy for this incident. You can select any of the following:
    • Exclude Source from Rules - Select this option to exclude the incident source from one or more of the rules. You cannot exclude an incident source from an email or Web data loss prevention policy.
    • Disable Policies - Select this option to disable a policy if it is not producing the desired effect. You cannot disable an email or Web data loss prevention policy; you can only disable attributes.
    • Disable Rules - Select this option to disable a rule if it is not producing the desired effect. To disable attributes in an email or Web data loss prevention policy, highlight the policy, click Edit, then de-select Enabled for the desired attributes.

See Tuning policies for more information.