Viewing Incidents and Reports > Data Loss Prevention reports > Incident risk ranking
|
|
The Risk score assigned to the case, between 0 (lowest risk) and 10 (highest risk).
|
|
The Classification is one of the following:
|
|
Suspected data theft - the incidents in this case may indicate an attempt to steal sensitive data. This is based on factors and indicators such as behavioral anomalies, user and system profiling, the sensitivity of the data, and the destination of the transaction.
|
|
Possibly broken business process - the incidents in this case may be the result of business process deficiencies. For example, if unsecured sensitive content is sent daily from several users to a business partner, the users are probably not aware that they are doing something wrong. This classification is based on factors such as recurring patterns that could indicate common behavior.
|
|
Uncategorized (unknown) - the incidents in this case do not fall into another classification.
|
|
The date and time the case was opened is displayed under the classification. To see incident risk cases for other dates, use the time line shown above the case cards Click a date to display incidents that occurred on that date. Use the scroll bar to see incidents for the previous week. The time line also shows the number of incidents scoring above the selected threshold each day. The picture below shows that there were 16 incidents above the threshold today (Monday).
|
|
The case ID is a unique numeric identifier.
|
|
|
The source that originated the incidents in the case: a person or machine and the LDAP role, if available.
|
|
In the source pop-up window, click the Source's incidents... quick link to open a report showing incidents associated with the selected source over the last 30 days.
|
|
The reason the case is included in the report. For example:
|
|
To view case details, click the information () icon on the card.
|
|
The number of incidents in the case are shown as a link on the bottom of the card.
|
|
My Cases shows the cases that you (the currently logged-on administrator) have flagged.
|
|
Settings opens the Settings > General > Reporting page, used to configure reporting preferences such as risk score threshold—for example, show only cases exceeding a score of 8.0.
|
|
Export to PDF exports all of the cases that are currently displayed to PDF.
|
Viewing Incidents and Reports > Data Loss Prevention reports > Incident risk ranking
|