DLP Incident Summary Cube
Contains information about incidents generated by any data loss prevention product. Information specific to this cube includes the total number of incidents, number of violations, the name of the policy that generated the incident, the incident severity, status, and type.
Dimensions
- Custom Attribute – Name: Lists all user-defined custom attributes
- Custom Attribute – Value: Lists values assigned to the custom attributes
- Data Owner – Name: Name of the person responsible for remediating the incident
- Data Owner – Email: Email address of the person responsible for remediating the incident
- Detection – Date: Incident detection date as reported by the detection server
- Detection – Date Range: Incident detection date range as reported by the detection server
- Detection – Day of Week: Incident detection day as reported by the detection server
- Detection – Month: Incident detection month as reported by the detection server
- Detection – Quarter: Incident detection quarter as reported by the detection server
- Detection – Week Number: Incident detection week number as reported by the detection server
- Detection – Year: Incident detection year as reported by the detection server
- Detection Server – Name: Detection server name as shown in the System Overview page
- Detection Server – Type: Detection Server channel name as shown in the System Overview page
- Detection – Hour: Incident detection hour as reported by the detection server
- Detection – Minute: Incident detection minute as reported by the detection server
- Detection – Second: Incident detection second as reported by the detection server
- Detection – Time: Incident detection time as reported by the detection server
- Endpoint Incident – Application Name: The name of the application employed by the end user
- Endpoint Incident – Device Type: Lists the endpoint monitoring channel that triggered the incident
- Endpoint Incident – File Name: Destination name of the file or item that triggered the incident
- Endpoint Incident – File Owner: Creator of the file or item that triggered the incident
- Endpoint Incident – File Path: Full destination path of the file that triggered the incident
- Endpoint Incident – Instance ID: Endpoint device identifier on which the violation occurred
- Endpoint Incident – IP Address: IP address of the endpoint at the time the violation occurred
- Endpoint Incident – Machine Name: Name of the computer that triggered the incident
- Endpoint Incident – On or Off the Network: Indicates the agent location at the time the violation occurred
- Endpoint Incident – Source File Name: Name of the file or item that triggered the incident
- Endpoint Incident – Source File Path: Full path of the file that triggered the incident
- Endpoint Incident – User Name: Logged on user on the computer that triggered the incident
- Incident – ID: Incident ID
- Incident – Severity: Incident severity
- Incident – Status: Incident status as shown in the incident snapshot
- Incident – Status Group: Incident status group as defined in the Enforce console
- Incident – Product Area: Incident type
- Message Component – Document Format: File format used in the message
- Message Component – MIME Type: MIME type used in the message
- Message Component – Name: Name used in the message
- Message – Date: Date the message was received by the detection server or endpoint client
- Message – Date Range: Date range the message was received by the detection server or endpoint client
- Message – Day of Week: Day the message was received by the detection server or endpoint client
- Message – Month: Month the message was received by the detection server or endpoint client
- Message – Quarter: Quarter the message was received by the detection server or endpoint client
- Message – Week Number: Week number the message was received by the detection server or endpoint client
- Message – Year: Year the message was received by the detection server or endpoint client
- Message – Hour: Hour the message was received by the detection server or endpoint client
- Message – Minute: Minute the message was received by the detection server or endpoint client
- Message – Second: Second the message was received by the detection server or endpoint client
- Message – Time: Time the message was received by the detection server or endpoint client
- Network Incident – Message Subject: Subject line of the email message; for a web violation, this shows as HTTP incident
- Network Incident – Sender Name: Sender email address or IP address
- Oracle Database – Host Name: Denotes the Oracle database name and instance name from which the data is obtained
- Policy – Group Name: Policy Group names as defined in the Enforce console
- Policy – Description: Policy description as displayed in the Enforce console
- Policy – ID: Policy ID
- Policy – Name: Policy name
- Policy – Status: Indicates whether the policy is active or inactive
Measures
- Incident Count: Total number of incidents for all incident types.
- Match Count: Total number of matches for all incident types.
Key Performance Indicators
- Incidents Detected in Last 30 Days
- New High Severity Incidents
- Number of False Positives in Last 30 Days