Review Email DLP Incidents

Log into
Strata Cloud Manager
.
Select
Manage
Configuration
SaaS Security
Data Security
Incidents
Email DLP Incidents
.
Review your Email DLP incidents.
Severity
—Severity of the DLP incident specified in the Email DLP policy.
Updated On
—Date the Email DLP incident status or assignee was updated.
Created On
—Date the Email DLP incident occurred.
Sender
—Email of the sender who generated the Email DLP incident.
Subject
—Subject line for the email that generated the Email DLP incident.
Policy
—Email DLP policy that the email matched against.
Action
—Action taken by
Enterprise DLP
based on the Email DLP policy the outbound email matched against.
Assigned to
—Incident assignee responsible to review and address the Email DLP incident.
Status
—Resolution status of the Email DLP incident.

Click the Email DLP incident
Subject
to view the
Incident Details
.
The
From
and
To
fields display the email sender and recipient for the email that generated the DLP incident.
The
Email content
field allows you to download the email in
.eml
format.
To successfully download an email, you must have configured evidence storage before the outbound email was inspected by
Enterprise DLP
. Emails of existing Email DLP incidents cannot be downloaded if you configure evidence storage after the Email DLP incident occurred.
The
Matching Data Patterns
shows snippets of the sensitive data
Enterprise DLP
detected and the data pattern that it matched.
The
Message ID
can be used to create a message trace on Microsoft Exchange Online or a custom Email Log Search on Gmail.

(
Quarantine only
) If an outbound email was quarantined, an email administrator must review and approve these emails before they can continue to their intended recipient.
Microsoft Exchange
Gmail