Configuring Action Planshttp://www.websense.com/content/support/library/data/v76/help/Action plans.aspx
        <h2>TRITON - Data Security Help </h2>
        <h3>Action plans </h3>
        <p>Use this page to define the plan of action to take when various breaches are discovered. Four action plans are provided by default. </p>
        <p><em>Audit only</em> - This action plan, the default, is designed for mild breaches. It permits all activity on all channels and logs incidents in the audit log. If configured, it also generates notifications. </p>
        <p><em>Audit and Notify</em> - Audit incidents from all channels, and if configured, generate notifications. </p>
        <p><em>Block all</em> - This action plan is designed for severe breaches. It blocks all incidents on all channels, audits them, and if configured, generates notifications. It requires a subscription to Websense Data Protect. </p>
        <p><em>Drop Email Attachments</em> - Drop email attachments that breach policy. </p>
        <p>Note: The predefined action plans use the Default notification. You can edit the action plans to use a different notification—see Notifications and Adding a new message for details. </p>
        <p>When you add rules or exceptions to a policy, you select the action plan to use. </p>
        <p>To create a new action plan, click <strong>New</strong>. To delete an action plan, select it and click Delete. </p>
        <p>Click <b>View Complete Document</b> for more. </p>