DLP Incident Details Cube

Contains information about incidents generated by any data loss prevention product, as well as the conditions that triggered those incidents. Information specific to this cube includes the total number of incidents, the number of violations, the name of the policy that generated the incident, the conditions within that policy, and the incident severity, status, and type.

Dimensions

  • Condition – Detection or Group: Indicates whether the condition belongs to one of two rule types
  • Condition – ID: Condition ID
  • Condition – Is Latest: Indicates whether or not this is the latest version of the condition
  • Condition – Minimum Matches: Specifies the minimum number of matches required to trigger the condition and generate an incident
  • Condition – Processing Order: Denotes the order in which conditions are processed
  • Condition – Rule or Exception: Indicates whether the condition was added as a rule or as an exception
  • Condition – Status: Captures historical changes of the condition status
  • Condition – Type: Describes the type of matching used in the condition
  • Condition – Unique or Multiple Matches: Indicates the match counting type selected in the condition
  • Custom Attribute – Name: Lists all user-defined custom attributes
  • Custom Attribute – Value: Lists values assigned to the custom attributes
  • Data Owner – Name: Name of the person responsible for remediating the incident
  • Data Owner – Email: Email address of the person responsible for remediating the incident
  • Detection – Date: Incident detection date as reported by the detection server
  • Detection – Date Range: Incident detection date range as reported by the detection server
  • Detection – Day of Week: Incident detection day as reported by the detection server
  • Detection – Month: Incident detection month as reported by the detection server
  • Detection – Quarter: Incident detection quarter as reported by the detection server
  • Detection – Week Number: Incident detection week number as reported by the detection server
  • Detection – Year: Incident detection year as reported by the detection server
  • Detection Server – Name: Detection server name as shown in the Systems Overview page
  • Detection Server – Type: Detection Server channel name as shown in the System Overview page
  • Detection – Hour: Incident detection hour as reported by the detection server
  • Detection – Minute: Incident detection minute as reported by the detection server
  • Detection – Second: Incident detection second as reported by the detection server
  • Detection – Time: Incident detection time as reported by the detection server
  • Incident – ID: Incident ID
  • Incident – Severity: Incident severity
  • Incident – Status: Incident status as shown in the incident snapshot
  • Incident – Status Group: Incident status group as defined in the Enforce console
  • Incident – Product Area: Incident type
  • Message Component – Document Format: File format used in the message
  • Message Component – MIME Type: MIME type used in the message
  • Message Component – Name: Name used in the message
  • Message – Date: Date the message was received by the detection server or endpoint client
  • Message – Date Range: Date range the message was received by the detection server or endpoint client
  • Message – Day of Week: Day the message was received by the detection server or endpoint client
  • Message – Month: Month the message was received by the detection server or endpoint client
  • Message – Quarter: Quarter the message was received by the detection server or endpoint client
  • Message – Week Number: Week number the message was received by the detection server or endpoint client
  • Message – Year: Year the message was received by the detection server or endpoint client
  • Message – Hour: Hour the message was received by the detection server or endpoint client
  • Message – Minute: Minute the message was received by the detection server or endpoint client
  • Message – Second: Second the message was received by the detection server or endpoint client
  • Message – Time: Time the message was received by the detection server or endpoint client
  • Oracle Database – Host Name: Denotes the Oracle database name and instance name from which the data is obtained
  • Policy – Description: Policy description as displayed in the Enforce console
  • Policy – ID: Policy ID
  • Policy – Is Deleted: Indicates whether or not the policy has been deleted
  • Policy – Is Latest Version: Indicates whether or not the policy version is the latest
  • Policy – Name: Policy name
  • Policy – Status: Indicates whether the policy is active or inactive
  • Policy – Version: Policy version number
  • Policy – Group Name: Policy Group names as defined in the Enforce console
  • Rule – Name: Name given to the detection or exception rule

Measures

  • Incident Count: Total number of incidents for all incident types.
  • Match Count: Total number of matches for all incident types.