|
|
|
|
Creating Custom DLP Policies > Managing exceptions > Adding a new exception > Exception Wizard - Severity & Action
|
|
1.
|
Use the When the condition is matched, severity is field to specify the severity of incidents that match this exception. This overrides the rule's severity:
|
|
Low - Incidents that match this exception are of low importance. The policy breach is minor.
|
|
|
Medium - Incidents that match this exception are of medium importance. The policy breach is moderate.
|
|
|
High - Incidents that match this exception are very important and warrant immediate attention. The policy breach is severe.
|
|
2.
|
Use the and the action plan is field to select an action for this exception. By definition, exceptions override the rule's action plan.
|
|
|
Select Block all to use the strict actions defined under Main > Policy Management > Resources > Action Plans.
|
|
|
Select Audit & notify manager (the default) to use the moderate actions defined. These are a compromise between the blocking and auditing plans.
|
|
|
Select Audit only to use audit incidents and not block them.
|
|
3.
|
Click Advanced to define severity at a more granular level.
|
|
|
Greatest number of matched conditions. Select this option if you want the number of matches for each condition to be compared, and only the greatest number reported. For example, if there are 5 matches for the condition, ConfidentialPattern, 3 for SSN_Pattern, and 10 for MyKeyPhrases, the number of matches would be defined as 10.
|
|
|
Sum of all matched conditions. Select this option if you want the number of matches for each condition to be added together and the total to be reported. Given the same example as above, the number of matches would be defined as 18.
|
|
6.
|
|
|
|
|
|
Creating Custom DLP Policies > Managing exceptions > Adding a new exception > Exception Wizard - Severity & Action
|
