DLP Discover Incident Summary Cube
Contains information about incidents discovered by a Discover Data Loss Prevention scan. Information specific to this cube includes the total number of incidents and matches, the name of the policy that generated the incident, and the incident severity and status.
Dimensions
- Custom Attribute – Name: Lists all user-defined custom attributes
- Custom Attribute – Value: Lists values assigned to the custom attributes
- Data Owner – Name: Name of the person responsible for remediating the incident.
- Data Owner – Email: Email address of the person responsible for remediating the incident.
- Detection – Date: Incident detection date as reported by the detection server
- Detection – Date Range: Incident detection date range as reported by the detection server
- Detection – Day of Week: Incident detection day as reported by the detection server
- Detection – Month: Incident detection month as reported by the detection server
- Detection – Quarter: Incident detection quarter as reported by the detection server
- Detection – Week Number: Incident detection week number as reported by the detection server
- Detection – Year: Incident detection year as reported by the detection server
- Detection – Hour: Incident detection hour as reported by the detection server
- Detection – Minute: Incident detection minute as reported by the detection server
- Detection – Second: Incident detection second as reported by the detection server
- Detection – Time: Incident detection time as reported by the detection server
- Discover Incident – ContentRoot: Lists Content Roots that were scanned by the discover server
- Discover Incident – Document Name: Name of the file that triggered the incident
- Discover Incident – File Owner: Creator of the file or item that triggered the incident
- Discover Incident – Repository Location: Full path of the file that triggered the incident
- Discover Incident – Scanned Machine: Host name of the scanned computer
- Discover Incident – Target Type: Discover target type
- Discover Incident – File Location: Full path of the file that triggered the incident
- Discover Incident – ACL Type: ACL permission type. Note: Possible values are: File
- Discover Incident – Grant or Deny: Indicates whether the ACL type assigned permission is grant or deny
- Discover Incident – File Permission: Permission assignment corresponding to the Grant or Deny dimension
- Discover Incident – File Permission Username: Username or group granted the given file permission
- Discover Incident – Protect Status: Indicates the remediation action taken on the discovered file
- Discover Scan – In Process Scan: Indicates whether or not the scan is in progress
- Discover Scan – Initial Scan: Indicates whether or not this is the first scan performed on the discover target
- Discover Scan – Instance ID: Discover scan instance ID
- Discover Scan – Last Completed Scan: Indicates whether or not this is the last scan performed on the discover target
- Discover Scan – Target Type: Denotes the type of data repository being scanned
- Discover Server – Name: Discover server name
- Discover Target – Name: Discover target name as shown in the Enforce console
- Incident – ID: Incident ID
- Message Component – Document Format: File format used in the message
- Message Component – MIME Type: MIME type used in the message
- Message Component – Name: Name used in the message
- Incident – Severity: Incident severity
- Incident – Status: Incident status as shown in the incident snapshot
- Incident – Status Group: Incident status group as defined in the Enforce console
- Message – Date: Date the message was received by the detection server or endpoint client
- Message – Date Range: Date range the message was received by the detection server or endpoint client
- Message – Day of Week: Day the message was received by the detection server or endpoint client
- Message – Month: Month the message was received by the detection server or endpoint client
- Message – Quarter: Quarter the message was received by the detection server or endpoint client
- Message – Week Number: Week number the message was received by the detection server or endpoint client
- Message – Year: Year the message was received by the detection server or endpoint client
- Message – Hour: Hour the message was received by the detection server or endpoint client
- Message – Minute: Minute the message was received by the detection server or endpoint client
- Message – Second: Second the message was received by the detection server or endpoint client
- Message – Time: Time the message was received by the detection server or endpoint client
- Oracle Database – Host Name: Denotes the Oracle database name and instance name from which the data is obtained
- Policy – Group Name: Policy Group names as defined in the Enforce console
- Policy – Description: Policy description as displayed in the Enforce console
- Policy – ID: Policy ID
- Policy – Name: Policy name
- Policy – Status: Indicates whether the policy is active or inactive
Measures
- Match Count: Total number of Discover matches.
- Incidents Count: Total number of Discover incidents.