Select Trigger an incident for every matched condition to trigger an incident every time a condition in the rule is matched. (For example, if a user sends an email message containing sensitive content, then prints the message, 2 incidents are generated.)

Select Accumulate matches before creating an incident to have the system collect matches for a particular source over time and create incidents when a threshold is met (drip DLP). The system remembers user activity and generates incidents for matches that occur within a defined period.

Low - Incidents that match this rule are of low importance. The policy breach is minor.

Medium - Incidents that match this rule are of medium importance. The policy breach is moderate.

High - Incidents that match this rule are very important and warrant immediate attention. The policy breach is severe.

Select Audit Only to monitor and record (audit) incidents.

Select Audit and Notify (default) to monitor and record incidents. In addition, if notifications are configured, generate notifications.

Select Block All to block and audit incidents. In addition, if notifications are configured, generate notifications.

Select Drop Email Attachments to remove email attachments that violate policy.

Select Audit Without Forensics to monitor and record incidents without recording forensic data.

Select Block Without Forensics to block and audit incidents without recording forensic data.

Select greatest number of matched conditions to have the number of matches compared, and only the greatest number reported. For example, if there are 5 matches for the classifier "Confidential Pattern", 3 for "SSN Pattern", and 10 for "My Key Phrases", the number of matches would be defined as 10.

Select sum of all matched conditions to have the number of matches added together and the total reported. Given the same example as above, the number of matches would be defined as 18.