Data Loss Prevention reports

A catalog of all available DLP reports can be found on the Main > Reporting > Data Loss Prevention > Report Catalog page.

Click a folder to expand it and see a list of related reports. Click Run to generate the report.

The most common reports are described below.

Incident List

Incidents (last 3 days, last 7 days, or last 30 days)

View a list of all the incidents for the last 3 or 30 days. See detailed information on each incident. Investigate the violated policies and the actions taken by Forcepoint software. Evaluate whether policy changes are needed.

Select this report when to manage incident workflow, remediation, and escalation.

It is also possible to view Incidents by Severity, which shows detailed information about each incident, ranked in severity order.

Executive Dashboard

DLP Dashboard (last 7 days, current quarter, previous quarter) This report provides an overview of information leaks in the system, what actions are being taken on them, which channels are problematic, and what kind of violations are being made.

Risk Assessment

Top Violated Policies

Find out which policies were violated most frequently over the last 7 days. Assess the security risk to your organization.

  • Last 7 Days shows which policies were violated most frequently over the last 7 days.
  • Leaks to Removable Media Devices shows which policies users are violating when they copy confidential information to removable devices.

Note: Users can see only those policies for which they have authorization.

User Risk Summary (All Incidents) Find out which users generated the most incidents across all active Data Loss Prevention policies.
User Risk Summary (Data Theft Risk Indicators) Learn which users are behaving suspiciously and performing potentially unsafe computer practices.
Incident Risk Ranking - Top Cases

Shows up to 20 cases with the highest risk scores during the selected time period, along with details for those cases.

Requires the Forcepoint DLP analytics engine on a Linux machine.

My Cases Shows the cases that you have flagged for later reference. Requires the Forcepoint DLP analytics engine on a Linux machine.

Severity & Action

Violations by Severity & Action

See incidents by the actions (permit, block, notify) and severities applied to them. Compare the ways Forcepoint software enforces policies, and gain insight into potential policy changes.

  • Last 7 Days shows incidents by the actions (permit, block, notify) and severities from the last 7 days.
  • Credit Card Violations shows credit card-related incidents by the actions and severities applied to them.
  • Violations of Personally Identifiable Information (PII) shows PII incidents by the actions and severities applied to them.

Sources & Destinations

Top Sources & Destinations

Find out who are the top violators involved in data leakage and the top domains where sensitive data was posted.

  • Last 7 Days shows the top violators involved in data leakage and the top domains where sensitive data was posted from the last 7 days.
  • Leaks to Public EMail Web Sites shows the top violators involved in leaking data to public email websites and the top domains of those websites.
  • Leaks to Malicious Web Sites shows the top violators involved in leaking data to malicious websites and the top domains of those websites.
  • Credit Card Number Violations shows who attempted to leak credit card information in plain text and the top destinations to which this information was leaked.
  • PII Violations shows who violated a PII policy and the top destinations to which PII information was leaked.
  • PCI Violations shows who violated a PCI policy and the top destinations to which PCI information was leaked.

Trends

Incident Trends (current and previous quarter) View incident statistics for this quarter. Find out if the number of violations in your organization reduces over time.

Status

Incident Status (last 7 days) View the status of all DLP incidents from the last 7 days.

Geographical Location

Web DLP - Destinations by Severity View the destinations of the most severe outbound web incidents, by geographical region.