Data Security reports
Data Security reports can contain the attributes shown in the table below.
Note that data is only displayed in your report if the relevant classifier, category, regulation, etc. is included in your web policy. This is configured on the Data Security tab of the policy and the data is specific to policies configured with DLP Lite.
Data for some attributes is not available for policies configured with Data Protection Service. Use Forcepoint DLP to view and report on incidents not included in these reports. See Viewing Incidents and Reports for more information.
Name | Description | Filter values |
---|---|---|
Data Security | ||
Action | Select Blocked to view incidents where potential data loss or theft was prevented. Select Monitored to view those that were permitted. | Check boxes |
Content Category | Select the types of content classifiers to include in the report. Only incidents that breach these types are shown in the report. | Check boxes |
Content Classifier | Enter the names of the content classifiers that you want to include in the incident report, one entry per line. For example: PCI: Credit Card Magnetic Strips; US PII; UK PII; Pattern-1; KeyPhrase-X; MyDictionary. Only incidents that breach these classifiers are shown in the report. | Manual text |
Event ID | Enter unique incident identifiers, one entry per line. Event IDs are 15-digit numerals. For example: 123-456-789-000-123, 124-457-789-000-124. You can enter full or partial IDs. If you enter more than 3 digits, you must include hyphens. For example, “456-7”. “Event ID contains 547” will show all events containing that number. | Manual text |
Content Subcategory | Select the particular content subcategories to include in the report. For example, PII and PHI are subcategories of the content category, Regulatory Compliance. Choose them if you want to show only PII and PHI incidents in the report. You can choose from the following. Regulatory Compliance: see Regulations for a description of the regulations. Data Theft: see Data Theft for a description of the data theft policies. Custom Classifiers: create these under , and then enable them on the Data Security tab of your policy. | Check boxes |
Severity | Incidents can be classified as high, medium, or low severity. Select the severities to include in the report. The severities of regulatory and data theft incidents are automatically decided by the system. This calculation takes both the prescribed severity of the incident and the number of matched violations into account. Custom classifier severities are user-defined. | Check boxes |
Top Matches | Top matches indicates the number of matches on the incident’s most violated rule. For example, if rule A in MyPolicy has 2 matches, rule B has 5 matches, and rule C has 10 matches, top match equals 10. Enter the threshold for top matches to include in the report (a numeric value), and then select the operator to use: equal to, greater than, etc. If you enter Top Match > 10, then all incidents with a top match of 10 or more are included in the report. | Numeric |
Transaction Size | Enter a numeric value to indicate the size of transactions to include in the report—namely, transactions that resulted in incidents. Next, select the operator to use: equal to, greater than, etc. For example, you can show transactions greater than 200 KB. | Numeric (in KB) |
Web Category | Category of the website that was used for the data transaction. | Auto-completed text |
Web Policy | Name of the web policy that was violated. | Auto-completed text |
Source & Destination | ||
Connection IP | IP address of connection to the cloud service. | Manual text |
Destination Country | Country in which the destination IP address is located. | Auto-completed text |
Destination IP | Enter the IP address of the destination site you want included in the report. | Manual text |
Domain | Enter the domain name of the destination site you want included in the report. For example: cnn.co.uk | Manual text |
Full URL | Enter the full URL of the destination site you want included in the report. For example: | Manual text |
Source Country | Country in which the source IP address is located. | Auto-completed text |
User | Enter the name or IP address of the users you want included in the report. For example: jdoe, 10.2.33.7. To show records where User is empty, select “Include results with no User”. | Manual text |
Media | ||
File Name(s) | If you want to see incidents that involved specific files, enter the name of the files, one entry per line. For example: confidential.doc, myData.xls | Manual text |
Time | ||
Date | In the left box, click the dates to include in the report, and then click the right arrow to select them. | Selector |
Hour | Select the time of interest. For example: 9:35 or 23:00 | Selector |