Data Loss Prevention

 View Only
  • 1.  "Do not include in match count" feature

    Posted Aug 01, 2016 03:40 PM

    Not a huge deal, but it would be useful if you could choose whether or not the results of a policy rule's individual conditions should contribute to the overall match count of the DLP incident. For example, if I have a policy that looks for a particular protocol AND a single keyword AND a data identifier for an SSN (as an example), a matching message with a single SSN will have a total match count of 3, even though it only had one SSN. If what you really care about is how many SSNs went out, this can throw off your metrics (if you are pulling your metrics from Enforce). This may also effect your severity-based response rules.

    What would be nice is having a checkbox option in the rule condition to say "Do not include in incident match count" or something similar.

     

    Rich



  • 2.  RE: "Do not include in match count" feature

    Posted Nov 29, 2016 07:07 PM

    Hi Rich - please post this as an idea in the forum.  Ideas are run by the product management team for review and possible implementation of the enhancements you are looking for.  Thank you!