DLP Network Incident Details Cube
Contains information about incidents generated by the Network Data Loss Prevention product as well as the conditions that triggered those incidents. Information specific to this cube includes the total number of incidents, number of violations, the name of the policy that generated the incident, the conditions within those policies, and the incident severity and status.
Dimensions
- Condition – Detection or Group: Indicates which of the two rule types (detection or group) the condition belongs to
- Condition – ID: Condition ID
- Condition – Is Latest: Indicates whether or not this is the latest version of the condition
- Condition – Minimum Matches: Specifies the minimum number of matches required to trigger the condition and generate an incident
- Condition – Processing Order: Denotes the order in which conditions are processed
- Condition – Rule or Exception: Indicates whether the condition was added as a rule or as an exception
- Condition – Status: Captures historical changes of the condition status
- Condition – Type: Describes the type of matching used in the condition
- Condition – Unique or Multiple Matches: Indicates the match counting type selected in the condition
- Custom Attribute – Name: Lists all user-defined custom attributes
- Custom Attribute – Value: Lists values assigned to the custom attributes
- Data Owner – Name: Name of the person responsible for remediating the incident
- Data Owner – Email: Email address of the person responsible for remediating the incident
- Detection – Date: Incident detection date as reported by the detection server
- Detection – Date Range: Incident detection date range as reported by the detection server
- Detection – Day of Week: Incident detection day as reported by the detection server
- Detection – Month: Incident detection month as reported by the detection server
- Detection – Quarter: Incident detection quarter as reported by the detection server
- Detection – Week Number: Incident detection week number as reported by the detection server
- Detection – Year: Incident detection year as reported by the detection server
- Detection Server – Name: Detection server name as shown in the System Overview page
- Detection Server – Type: Detection Server channel name as shown in the System Overview page
- Detection – Hour: Incident detection hour as reported by the detection server
- Detection – Minute: Incident detection minute as reported by the detection server
- Detection – Second: Incident detection second as reported by the detection server
- Detection – Time: Incident detection time as reported by the detection server
- Incident – ID: Incident ID
- Incident – Severity: Incident severity
- Incident – Status: Incident status as shown in the incident snapshot
- Incident – Status Group: Incident status group as defined in the Enforce console
- Message Component – Document Format: File format used in the message
- Message Component – MIME Type: MIME type used in the message
- Message Component – Name: Name used in the message
- Network Incident – Message Subject: Subject line of the email message. For a web violation, this shows as HTTP incident.
- Network Incident – Sender Name: Sender email address or IP address
- Network Incident – Recipient Domain: Recipient domain name or IP address
- Network Incident – Recipient Name: Recipient email address, IP address, or web address
- Network Incident – Prevent Action: Action taken by the Network Prevent server
- Network Incident – Protocol: Network protocol name
- Oracle Database – Host Name: Denotes the Oracle database name and instance name from which the data is obtained
- Policy – Description: Policy description as displayed in the Enforce console
- Policy – ID: Policy ID
- Policy – Is Deleted: Indicates whether or not the policy has been deleted
- Policy – Is Latest Version: Indicates whether or not the policy version is the latest
- Policy – Name: Policy name
- Policy – Status: Indicates whether the policy is active or inactive
- Policy – Version: Policy version number
- Policy – Group Name: Policy Group names as defined in the Enforce console
- Rule – Name: Name given to the detection or exception rule
Measures
- Incident Count: Total number of Network incidents.
- Match Count: Total number of Network matches.