DLP on the Endpoint Reporting Question here:
I'm tracking copy from Network to Local Drive and also Local Drive to Network through my Endpoint Agent Configuration.
Here's the scenario:
A Helpdesk Ticket is created to restore a file as it was either moved/deleted/copied/etc. and now the user can't find it... Someone is assigned the job of restoring from backup the incident. Right-click folder, previous versions, restore the file.
As this file passes through EXPLORER.exe it generates an incident if the file violates a policy.
Each incident contains the file name of @GMT and then the time stamp. I would like to filter on all incidents that have that @GMT in its file name. I've tried "Contains Ignore Case" and "Contains Any of" but when I apply the filter no results are found.
What should my filter be?