DLP Network Incident Summary Cube

Contains information about incidents generated by the Network Data Loss Prevention product. Information specific to this cube includes the total number of incidents, number of violations, the name of the policy that generated the incident, the incident severity, and status.

Dimensions

  • Custom Attribute – Name: Lists all user-defined custom attributes
  • Custom Attribute – Value: Lists values assigned to the custom attributes
  • Data Owner – Name: Name of the person responsible for remediating the incident
  • Data Owner – Email: Email address of the person responsible for remediating the incident
  • Detection – Date: Incident detection date as reported by the detection server
  • Detection – Date Range: Incident detection date range as reported by the detection server
  • Detection – Day of Week: Incident detection day as reported by the detection server
  • Detection – Month: Incident detection month as reported by the detection server
  • Detection – Quarter: Incident detection quarter as reported by the detection server
  • Detection – Week Number: Incident detection week number as reported by the detection server
  • Detection – Year: Incident detection year as reported by the detection server
  • Detection Server – Name: Detection server name as shown in the System Overview page
  • Detection Server – Type: Detection server channel name as shown in the System Overview page
  • Detection – Hour: Incident detection hour as reported by the detection server
  • Detection – Minute: Incident detection minute as reported by the detection server
  • Detection – Second: Incident detection second as reported by the detection server
  • Detection – Time: Incident detection time as reported by the detection server
  • Incident – ID: Incident ID
  • Incident – Severity: Incident severity
  • Incident – Status: Incident status as shown in the incident snapshot
  • Incident – Status Group: Incident status group as defined in the Enforce console
  • Message Component – Document Format: File format used in the message
  • Message Component – MIME Type: MIME type used in the message
  • Message Component – Name: Name used in the message
  • Message – Date: Date the message was received by the detection server or endpoint client
  • Message – Date Range: Date range the message was received by the detection server or endpoint client
  • Message – Day of Week: Day the message was received by the detection server or endpoint client
  • Message – Month: Month the message was received by the detection server or endpoint client
  • Message – Quarter: Quarter the message was received by the detection server or endpoint client
  • Message – Week Number: Week number the message was received by the detection server or endpoint client
  • Message – Year: Year the message was received by the detection server or endpoint client
  • Message – Hour: Hour the message was received by the detection server or endpoint client
  • Message – Minute: Minute the message was received by the detection server or endpoint client
  • Message – Second: Second the message was received by the detection server or endpoint client
  • Message – Time: Time the message was received by the detection server or endpoint client
  • Network Incident – Message Subject: Subject line of the email message. For a web violation, this shows as HTTP incident.
  • Network Incident – Sender Name: Sender email address or IP address
  • Network Incident – Recipient Domain: Recipient domain name or IP address
  • Network Incident – Recipient Name: Recipient email address, IP address, or web address
  • Network Incident – Prevent Action: Action taken by the Network Prevent server
  • Oracle Database – Host Name: Denotes the Oracle database name and instance name from which the data is obtained
  • Policy – Group Name: Policy Group names as defined in the Enforce console
  • Policy – Description: Policy description as displayed in the Enforce console
  • Policy – ID: Policy ID
  • Policy – Name: Policy name
  • Policy – Status: Indicates whether the policy is active or inactive

Measures

  • Incident Count: Total number of Network incidents.
  • Match Count: Total number of Network matches.