Incidents by geographical location

Forcepoint DLP can monitor or restrict data being sent via the Web to specific countries. Geolocation reports display incidents by the geographical location to which data was sent.

Use the Main > Reporting > Data Loss Prevention page in the Data Security module of the Forcepoint Security Manager to access geolocation reports:

1. From the report catalog, expand the Geographical Location folder.
2. Select Web DLP - Destinations by Severity.
3. Click Run to generate the report.

A map of the world appears. (The report is schematic, not an accurate representation of global regions.) This map shows outbound incidents that occurred over the Web channel by severity and the geographical region where content was destined.

• Highlighted areas indicate the destinations for the most severe incidents.

  For example, you might learn that users are trying to upload your most sensitive data to a website or restricted domain in eastern Europe.

• Hover over a highlighted area to view more details about the incidents in that region.
• Click to drill down further.

  The resulting screen shows the total number of incidents using the selected filter for the region.

• Right-click and select Print to print a chart or right-click and select Save As to save the report—with filters applied—under a new name.

To restrict data from being sent to specific countries:

• Add geographical locations to a policy’s Destination page:
  1. Go to the Main > Policy Management > Manage Policies page and open or create a custom policy.
  2. On the Destination page, under Web, click Edit.
  3. Select Countries in the Display field.
• Add geographical locations to a business unit (Main > Policy Management > Resources > Business Units), and then add the business unit to the rule.