Configuring Dynamic User Protection severity in Forcepoint DLP

Starting in Forcepoint DLP v8.8.1, you have the option to configure the severity of DLP rules, in order to optimize policy and control the impact on the user risk score in Dynamic User Protection.

The Dynamic User Protection Severity option in Forcepoint DLP was previously known as User-Risk Impact. This allows you to independently set the incident severity in Forcepoint DLP and Dynamic User Protection. In Dynamic User Protection, the overall risk displays according to the Dynamic User Protection Severity setting, and is reflected in the color scheme shown in the Matched rules section of Alert details.

For example, you may choose to configure a High severity event in Forcepoint DLP to have a severity of Medium in Dynamic User Protection. This configuration allows you to track events but keep them from adding to a user’s risk score. The following images display this configuration in Forcepoint DLP and Dynamic User Protection, respectively.

As this screen capture displays, events with Medium severity are configured in the Forcepoint DLP policy rule with a Dynamic User Protection severity of Low.

This screen capture displays the Investigation details for an event that has been configured in this way, showing a High severity event that does not affect the risk impact for this user.

This image shows the alert: