DLP Policy History Cube

Contains historical information about policies and conditions setup within the Data Loss Prevention system, including details of what elements of a condition changed from version to version. Information specific to this cube includes the total number of policies, total number of conditions, policy creation date, condition creating date, responsible user, document, keywords, patterns, and more.

Dimensions

  • Condition – Detection or Group: Indicates whether the condition belongs to one of two rule types
  • Condition – ID: Condition ID
  • Condition – Is Latest: Indicates whether or not this is the latest version of the condition
  • Condition – Minimum Matches: Specifies the minimum number of matches required to trigger the condition and generate an incident
  • Condition – Processing Order: Denotes the order in which conditions are processed
  • Condition – Rule or Exception: Indicates whether the condition was added as a rule or as an exception
  • Condition - Status: Captures historical changes of the condition status
  • Condition – Type: Describes the type of matching used in the condition
  • Condition – Unique or Multiple Matches: Indicates the match counting type selected in the condition
  • Condition Change Audit – Attribute Name: Condition attribute name that was changed
  • Condition Change Audit – Change Details: Details regarding the actual change in the condition
  • Database Info Condition – ClauseID: ID number in the condition WHERE clause. This is only applicable to policies which use Exact Data Matching (EDM)
  • Database Info Condition – DataSourceID: EDM profile ID number
  • Database Info Condition – Threshold: Number of selected fields to match on EDM profile
  • Condition Created – Date: Date the condition was created
  • Condition Created – Day of Week: Day the condition was created
  • Condition Created – Month: Month the condition was created
  • Condition Created – Quarter: Quarter the condition was created
  • Condition Created – Year: Year the condition was created
  • Condition Edited – Date: Date the condition was edited (shows historical data)
  • Condition Edited – Day of Week: Day the condition was edited (shows historical data)
  • Condition Edited – Month: Month the condition was edited (shows historical data)
  • Condition Edited – Quarter: Quarter the condition was edited (shows historical data)
  • Condition Edited – Year: Year the condition was edited (shows historical data)
  • Policy Created – Date: Date the policy was created
  • Policy Created – Date Range: Date range the policy was created
  • Policy Created – Day of Week: Day the policy was created
  • Policy Created – Month: Month the policy was created
  • Policy Created – Quarter: Quarter the policy was created
  • Policy Created – Week Number: Week number the policy was created
  • Policy Created – Year: Year the policy was created
  • Policy Edited – Date: Date the policy was edited (shows historical data)
  • Policy Edited – Date Range: Date range the policy was edited (shows historical data)
  • Policy Edited – Day of Week: Day the policy was edited (shows historical data)
  • Policy Edited – Month: Month the policy was edited (shows historical data)
  • Policy Edited – Quarter: Quarter the policy was edited (shows historical data)
  • Policy Edited – Week Number: Week number the policy was edited (shows historical data)
  • Policy Edited – Year: Year the policy was edited (shows historical data)
  • Document Meta Info Condition – MIMEType: Message attachment or file type MIME type
  • Document Name Condition – Filenames: Files names used in the Message Attachment or File Name Match condition
  • Document Profile Condition – DocSourceID: Indexed Document Matching (IDM) profile ID number
  • Document Profile Condition – Similarity: Document Profile Condition – Similarity: IDM similarity threshold
  • Document Size Condition – Document Size: Document size specified within Message attachment or file size match condition type
  • Document Size Condition – Size Comparator: Size comparator type specified within Message attachment or file size match condition type
  • Document Size Condition – Size Magnitude: Unit type used within Message Attachment or File Size Match condition type
  • Keyword Condition – Case Sensitive: Match type used within the Content Matches Keyword condition type
  • Keyword Condition – Delimiter: Keyword separator used within the Content Matches Keyword condition type
  • Keyword Condition – Is Tokenized Search: Indicates whether or not keyword searches are tokenized. The default value is yes.
  • Keyword Condition – Keyword List: Keyword list specified within the Content Matches Keyword condition type
  • Oracle Database – Host Name: Denotes the Oracle database name and instance name from which the data is obtained
  • Pattern Condition – Pattern: Regular expression defined within the Content Matches Regular Expression condition type
  • Policy – Description: Policy description as displayed in the Enforce console
  • Policy – ID: Policy ID
  • Policy – Is Deleted: Indicates whether or not the policy has been deleted
  • Policy – Is Latest Version: Indicates whether or not the policy version is the latest
  • Policy – Name: Policy name
  • Policy – Status: Indicates whether the policy is active or inactive
  • Policy – Version: Policy version number
  • Protocol Condition – Protocols: Protocol ID used within the Protocol or Endpoint Destination condition type
  • Recipient Condition – Email Address: Email address specified within the Recipient Matches Pattern condition type
  • Recipient Condition – IP Address: IP address specified within the Recipient Matches Pattern condition type
  • Recipient Condition – URL: URL specified within the Recipient Matches Pattern condition type
  • Recipient Profile Condition – DataSourceID: Data source ID for the directory profile
  • Role – Description: Role description as displayed in the Enforce console.
  • Role – Name: Role name as displayed in the Enforce console
  • Rule – Name: Name given to the detection or exception rule
  • Sender Condition – IP Address: IP address specified within the Sender/User Matches Pattern condition type
  • Sender Condition – Sender Identifier: Email address, windows username, or IM screen name specified within the Sender/user Matches Pattern condition type
  • Sender Profile Condition – DataSourceID: profile Data source ID for the directory
  • Condition Created – Hour: Hour the condition was created
  • Condition Created – Minute: Minute the condition was created
  • Condition Created – Second: Second the condition was created
  • Condition Created – Time: Time the condition was created
  • Condition Edited – Hour: Hour the condition was edited (shows historical data)
  • Condition Edited – Minute: Minute the condition was edited (shows historical data)
  • Condition Edited – Second: Second the condition was edited (shows historical data)
  • Condition Edited – Time: Time the condition was edited (shows historical data)
  • Policy Created – Hour: Hour the policy was created
  • Policy Created – Minute: Minute the policy was created
  • Policy Created – Second: Second the policy was created
  • Policy Created – Time: Time the policy was created
  • Policy Edited – Hour: Hour the policy was edited (shows historical data)
  • Policy Edited – Minute: Minute the policy was edited (shows historical data)
  • Policy Edited – Second: Second the policy was edited (shows historical data)
  • Policy Edited – Time: Time the policy was edited (shows historical data)
  • Universal Metadata Condition – Metadata Key: Indicates the type of the rule.
  • Possible values: NetworkLocation
  • Universal Metadata Condition – Metadata Source: A constant value of 1.
  • Universal Metadata Condition – Metadata Value: Indicates the endpoint location. Possible values: 0 and 1 where 0 = ‘On the corporate network’ and 1 = ‘Off the corporate network’
  • Universal Metadata Condition – Metadata Value Operand: A constant value of ‘CSVSTRING’
  • User – Created By: DLP user who created the policy
  • User – Edited By: DLP user who modified the policy

Measures

  • Condition Change Count: Total number of policy changes.
  • Condition Count: Total number of conditions.
  • Policy Count: Total number of policies.

Key Performance Indicators

  • Policies Edited in Last 30 Days