Using the Incident Manager

Use the Reporting > Report Center > Incident Manager page to find full details about data security incidents. Where Report Builder shows you high-level analysis of data security results, Incident Manager gives you an additional layer of granular information for each incident. You can manipulate the data further by adding extra filters and columns.

In the Incident Manager, you can:

  • Edit the filters and date range for the incidents you want to review.
  • Select the columns to display from the Columns drop-down. Click Close when you have made your selections.
  • Use the Rows drop-down to configure the maximum number of rows displayed in the table. The default is 100, and up to 200 rows many be shown.
  • Click a column heading to make it the active column for sorting transactions. Click again to switch between ascending and descending order.
    Note: To sort incidents by timestamp, click the Date column, not the Time column. Sorting by the Date column automatically orders transactions by both date and time.
  • Delete columns by clicking the X icon in a column heading. Note that you cannot delete the current active column.
  • Drag attributes left-hand pane into the Filters field.
  • Drag attributes from the left-hand pane into the main report pane to add them as new columns.
  • Enable Detail View to see more detail for the selected incident. You can also double-click a row to open Detail View. The Incident Details pane opens at the bottom of the page, and contains 3 tabs:
    • Matches shows the policies and classifiers that were matched, as well as the number of matches, for the incident. Administrators with appropriate permissions can also see the content that matched the classifiers.
    • Source & Destination shows name, IP address, and group information for the end user who made the request (source), and IP address, URL, and geographical location for the target of the request (destination).
    • Properties shows the severity, incident time, top matches, file name (if applicable), and policy for the selected incident, as well as any other available attributes from the incident table.

When you have configured the Incident Manager, you can save or export the report as follows:

  • To save the report to run again, click the Save icon in the button bar above the table.

    When prompted, provide a name and description for the report, then select a folder. When you are finished, click Save Report.

    • To schedule a saved report, click the Schedule icon in the button bar above the table.
    • To share a saved report, click the Share icon in the button bar above the table.
  • To export selected transactions in PDF or CSV format, click the PDF or Excel icon at the top, right of the page.

    In PDF format you have the option to export the Detail View for the incidents you select. This export is limited to 20 incidents.

If you are working in a saved report and want to create a new report, click the New icon in the button bar above the table.