DLP Incident Status History
Contains historical information about incident status changes within the Data Loss Prevention system, including details about who performed the change and when. Information specific to this cube includes the total number of incident actions, change date, username, and more.
Dimensions
- Change – Date: Date the incident status was changed
- Change – Date Range: Date range the incident status was changed
- Change – Day of Week: Day the incident status was changed
- Change – Month: Month the incident status was changed
- Change – Quarter: Quarter the incident status was changed
- Change – Week Number: Week number the incident status was changed
- Change – Year: Year the incident status was changed
- Change – Hour: Hour the incident status was changed
- Change – Minute: Minute the incident status was changed
- Change – Second: Second the incident status was changed
- Change – Time: Time the incident status was changed
- Change – User: DLP user name that performed the change
- Detection – Date: Incident detection date as reported by the detection server
- Detection – Date Range: Incident detection date range as reported by the detection server
- Detection – Day of Week: Incident detection day as reported by the detection server
- Detection – Month: Incident detection month as reported by the detection server
- Detection – Quarter: Incident detection quarter as reported by the detection server
- Detection – Week Number: Incident detection week number as reported by the detection server
- Detection – Year: Incident detection year as reported by the detection server
- Detection Server – Name: Detection server name as shown in the
- Systems Overview page
- Detection Server – Type: Detection Server channel name as shown in the System Overview page
- Detection – Hour: Incident detection hour as reported by the detection server
- Detection – Minute: Incident detection minute as reported by the detection server
- Detection – Second: Incident detection second as reported by the detection server
- Detection – Time: Incident detection time as reported by the detection server
- Incident – ID: Incident ID
- Incident – Next Status: Next status assigned to the incident. If the incident status is not changed, next status will be set to unknown
- Incident – Next Status Group: Next status group as defined in the Enforce console
- Incident – Severity: Incident severity
- Incident – Status: Incident status as shown in the incident snapshot
- Incident – Status Group: Incident status group as defined in the Enforce console
- Incident – Product Area: Incident type
- Next Change – Date: Date when the Incident Next Status value was changed. If the status remains unchanged, this will show up as unknown
- Next Change – Date Range: Date range when the Incident Next Status value was changed. If the status remains unchanged, this will show up as unknown
- Next Change – Day of Week: Day when the Incident Next Status value was changed. If the status remains unchanged, this will show up as unknown
- Next Change – Month: Month when the Incident Next Status value was changed. If the status remains unchanged, this will show up as unknown
- Next Change – Quarter: Quarter when the Incident Next Status value was changed. If the status remains unchanged, this will show up as unknown
- Next Change – Week Number: Week number when the Incident Next Status value was changed. If the status remains unchanged, this will show up as unknown
- Next Change – Year: Year when the Incident Next Status value was changed. If the status remains unchanged, this will show up as unknown
- Next Change – Hour: Hour when the Incident Next Status value was changed. If the status remains unchanged, this will show up as unknown
- Next Change – Minute: Minute when the Incident Next Status value was changed. If the status remains unchanged, this will show up as unknown
- Next Change – Second: Second when the Incident Next Status value was changed. If the status remains unchanged, this will show up as unknown
- Next Change – Time: Time when the Incident Next Status value was changed. If the status remains unchanged, this will show up as unknown
- Next Change – User: DLP user who set the Incident Next Status value
- Oracle Database – Host Name: Denotes the Oracle database name and instance name from which the data is obtained
- Policy – Description: Policy description as displayed in the Enforce console
- Policy – ID: Policy ID
- Policy – Name: Policy name
- Policy – Status: Indicates whether the policy is active or inactive
- Role – Description: Role description as displayed in the Enforce console
- Role – Name: Role name as displayed in the Enforce console
Measures
- Incident Count: Total number of incidents.
- Seconds in Status: Total number of seconds in a given status
- Second to Status: Total number of seconds to get to next status
- Status Changes: Total number of status changes