Hi MIke ,
There is no such documentation u r looking for. Its and ur internal IT security process and procedure to make it documentated. Symantec DLP does not provide support for this but as I have worked on this I can guide u somehow.
There is predefine reports in DLP which can be filtered out as per requirement to find the trend of threats currently happening in organization.
U can generate such incident report for endpoint ny source,destibation, protocol, enepoint responce (user cancel etc,) and prepare a dashboard or presenation to show the situation and associated solution based on report and analysis.