Reports

The following is a list of default reports in the IT Analytics Symantec Data Loss Prevention Content Pack, with their descriptions.

DLP Auditing – User Event Details

Displays a chart showing the user events month by month along with a detailed table of user actions by user name, including role, date, category and event detail. The report allows the user to filter the data by start/end date, category, entity, role, and user name.

DLP Auditing – User Incident Event Summary

Displays a breakdown of events by user name. The report allows the user to filter the data by start/end date, category, role, and username.

DLP Deployment – Agent Search

Displays a list of agents by endpoint name with additional details such as IP address, whether it has been deleted, its major version, version, status, on or off network, last connection date and incident count. The report allows the user to filter the data by endpoint server, IP address, is deleted, on or off network, name, status, version, and major version.

DLP Auditing – User Action Auditing

Displays a trend of user actions by category, along with a detailed chart including user name, role, date, entity, category, detail and event count. The report allows the user to filter the data by start/end date, entity, category, role, and username.

DLP Deployment – Agent Version by Server

Displays a graph of agents by server and the agent version, along with a detailed table showing total agents associated with each endpoint server. The report allows the user to filter the data by deleted, status, and version.

DLP Deployment – Policy Evolution Trend

Displays a trend graph showing the number of policies over time by month, and a detailed table including the creator of each policy. The report allows the user to filter the data by start/end date, policy name, rule name, and user.

DLP Deployment – Scan Summary

Displays a graph showing the number of gigabytes scanned over time for each server. The report allows the user to filter the data by start/end date, detection server, discover target, policy, scan type, and severity.

DLP Remediation – Discover Incident Details

Displays a list of discover incidents with various details including detection date, policy, severity, status and others. The report allows the user to filter the data by start/end date, custom attribute name/value, discover server/target, Oracle database, policy, severity, status, and target type.

DLP Remediation – Endpoint Incident Details

Displays a list of endpoint incidents with various details including detection date, policy, agent name/status, severity, status and others. The report allows the user to filter the data by start/end date, agent name/status, agent version, agent response, custom attribute name/value, device type, IP address, policy name, severity, and user name.

DLP Statistics – Discover Scanned Storage Trend

Displays a chart showing the number of gigabytes scanned over time, along with a detail chart denoting the number of discover incidents generated. The report allows the user to filter the data by start/end date, content root, discover server and target, Oracle database, policy, and severity.

DLP Statistics – Endpoint Incident Trend by Channel

Displays a trending chart showing the incidents per channel over time, as well as a detailed chart broken down by month. The report allows the user to filter the data by start/end date, agent response, monitoring channel, detection server, policy name, severity, custom attribute name, and value.

DLP Statistics – Incident Trend by Product Area

Displays a trending chart showing incidents per product area over time, as well as a detailed chart broken down by month. The report allows the user to filter the data by start/end date, custom attribute name/value, Oracle host name, policy name, product area, and severity.

DLP Statistics – Organizational Incident Trend

Displays a trending chart showing incidents over time by the specific custom attribute name selected. The report allows the user to filter the data by start/end date, custom attribute name, detection server, policy name, product area, and severity.

DLP Remediation – Incidents Search

Displays a summary of incident data by severity, status and product area, as well as a detailed chart listing detection date and policy. The report allows the user to filter the data by start/end date, custom attribute name/value, policy, version, status, product area, and severity.

DLP Remediation - Incident Status History Details

Displays a table including historical details for incidents by status. The report allows the user to filter the data by start/end date, detection server, changed from/to status, change user, next status group, Oracle database, policy, product area, role, and severity

DLP Statistics – Incidents by Policy

Displays a graph showing the number incidents by policy name, as well as a detailed table. The report allows the user to filter the data by start/end date and custom attribute name/value.

DLP Statistics – Incidents by Product Area

Displays a graph showing a high level view of incidents for each product area, as well as a detailed table. The report allows the user to filter the data by start/end date and custom attribute name/value.

DLP Statistics – Incidents by Severity

Displays a graph showing a high level view of incidents by severity, as well as a detailed table. The report allows the user to filter the data by start/end date and custom attribute name/value.

DLP Statistics – Incidents by Status

Displays a graph showing a high level view of incidents by status, as well as a detailed table. The report allows the user to filter the data by start/end date and custom attribute name/value.

DLP Remediation – Discover Incident Search

Displays a summary of discover incidents by severity, status and target type, as well as detailed table. The report allows the user to filter the data by start/end date, custom attribute name/value, discover server/target, Oracle database, policy, severity, status, and target type.

DLP Remediation – Endpoint Incident Search

Displays a summary of endpoint incidents by severity and device type, as well as detailed table. The report allows the user to filter the data by start/end date, agent name/status, custom attribute name/value, agent version/response, device type, IP address, policy, severity, and user name.

DLP Investigations – Discover File Incidents by File Owner Trend

Displays a graph showing the number of incidents over time by file owner. The report allows the user to filter the data by start/end date, filename, policy, Oracle host, and severity.

DLP Investigations – Networking File Incidents by Networking User Trend

Displays a graph showing the number of incidents for a designated file over time by networking user. The report allows the user to filter the data by start/end date, filename, policy, Oracle host, and severity.

DLP Remediation – Network Incident Search

Displays a summary of network incidents by severity and status, as well as detailed table. The report allows the user to filter the data by start/end date, custom attribute name/value, detection server, file name, policy, protocol, severity, status, and user.

DLP Investigations – User Incident Details

Displays a detailed table showing specifics for incidents by a given user. The report allows the user to filter the data by start/end date, custom attribute name/value, email/IP address, machine name, policy, product area, severity, and user name.

DLP Investigations – User Incident Search

Displays a chart showing top policies with incidents and a detailed table showing specifics for incidents by a given user. The report allows the user to filter the data by start/end date, custom attribute name/value, email/IP address, machine name, policy, severity, and user name.

DLP Remediation – Network Incident Details

Displays a list of network incidents with various details including detection date, policy, sender name, severity, and status. The report allows the user to filter the data by start/end date, custom attribute name/value, detection server, file name, policy, protocol, severity, status, and user.

DLP Normalized Risk – Frequency of Discover Incidents vs. Files Scanned Trend

Displays a chart showing incidents by policy over time and a detailed table including the ratio values between the number of discover incidents and the number of scanned files. The report allows the user to filter the data by start/end date, discover target/server, policy, and severity.

DLP Normalized Risk – Frequency of Discover Incidents vs. GB Scanned Trend

Displays a chart showing the average number of Discover incidents by database scanned over time with a breakdown by policy. Also displays a detailed table including the total number of databases scanned and incident used to calculate the ratios across all incident severity values. The report allows the user to filter the data by start/end date, discover target/server, policy, and severity.

DLP Normalized Risk – Frequency of Email Incidents (Email Prevent)

Displays a chart showing the average number of SMTP incidents by email messages scanned over time with a breakdown by detection server. Also displays a detailed table including the total number of emails scanned and incident used to calculate the ratios across all incident severity values. The report allows the user to filter the data by start/end date, detection server, policy, and severity.

DLP Normalized Risk – Frequency of Web Incidents

Displays a chart showing the average number of HTTP and HTTPS incidents by web message scanned over time with a breakdown by policy. Also displays a detailed table including the total number of web messages scanned and incident used to calculate the ratios across all incident severity values. The report allows the user to filter the data by start/end date, detection server, policy, and severity.

DLP Policy Optimization - Policy Change Audit

Displays a detail report of all the changes performed on any given policy during the specified time period. The report includes the name of the changed attribute, the name of the user responsible for the change and the time stamp of the change.

DLP Policy Optimization – Policy Change Impact

Displays a chart showing the number of incidents by policy version over time, as well as a table listing the number of incidents by policy version on a monthly basis. The report allows the user to filter the data by start/end date, policy name, and user.

DLP Policy Optimization – Policy Change Trend

Displays a chart showing the number of policy changes over time, as well as a table listing the number of changes by policy on a monthly basis. The report allows the user to filter the data by start/end date, policy name, and user.

DLP Policy Optimization – Policy Changes

Displays a detailed table listing the policy changes made, along with relevant information such as policy name, date, version, user, condition and attribute name, and details on the applied change. The report allows the user to filter the data by start/end date, Oracle database, policy name/status/version, rule name, and user.

DLP Remediation – Remediator Productivity

Displays a pie chart showing the number of incidents that changed by user, such as closed, over time, as well as a detailed table displaying a breakdown of the statuses changed and severity. This allows the user to measure which users are responsible for managing incidents. This report allows the user to filter the data by start/end date, detection server, policy, severity, status group, role and user.

DLP Statistics – Scans

Displays a detailed table showing information on scans by discover target and content root, along with relevant information such as status, elapsed time, total items/bytes, and items/bytes scanned. The report allows the user to filter the data by start/end date, content root, discover target, discover server, Oracle Database, scan type, policy name, and severity.

DLP Statistics – Discover Scanned File Trend

Displays a chart showing number of files scanned and detailed table showing information on scans by month and date along with relevant information such as scan count, megabytes scanned, total scanned files, and discovered files. The report allows the user to filter the data by start/end date, discover target, discover server and policy name.

DLP System Management – Agent Summary by Status

Displays a graph that shows the number of agents by status and by major version, as well as a detailed table. The report allows the user to filter the data by start/end date, is deleted, status and major version.

DLP System Management – Agent Summary by Version

Displays a graph that shows the number of agents major version broken down by status, as well as a detailed table. The report allows the user to filter the data by is deleted, status and major version.