Data Loss Prevention

  • 1.  Finding the date of status change in the DLP incident report

    Posted Sep 18, 2012 11:25 AM

    Hi, I would like to find out the date when the status of the DLP incident report was changed. Is there a way to find out? For e.g. when a particular incident was changed from New to Dismissed, how do I see the date when it was changed? I need to see this because I want to measure the SLA of the user who is monitoring these incidents.

    Thanks for your advice.



  • 2.  RE: Finding the date of status change in the DLP incident report
    Best Answer

    Posted Sep 18, 2012 12:37 PM

    Gavin,

    It's great to see customers looking to really use this feature. Your desired logging can be found in the History section, which by default should be a tab within the incident you are looking at. If you don't see a History tab option, then you can click on the top right corner of the incident to customize the view and ensure the History tab is checked. This is also a worthwhile time to look at the current layout of incidents, and perhaps place the History section somewhere else that is more easily viewable for you when viewing incidents. This should be a per-user setting, so it won't affect the view of others working on the system. It may also lead to fewer clicks for you in the interface.



  • 3.  RE: Finding the date of status change in the DLP incident report

    Trusted Advisor
    Posted Sep 19, 2012 05:27 AM

    Gavin,

     

     Yes, this feature is also really important for us, especially to be sure people process DLP incidents on time (with respect to SLA). So we used the XML export and processed it with an external script in order to check the date when the status was changed and the delay for each transaction. The XML export contains a lot of information that is available in the GUI but for which you cannot set any filter or summarization.

     

     Regards
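
The approach described in this reply (export the incidents to XML, then compute the delay until the status first changed), as an added example that is not the poster's script or vendor code. The element and attribute names and the sample data are assumptions constructed for illustration; map them to the layout of your own export.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta

# Constructed sample. Element and attribute names are assumed for illustration;
# map them to whatever your own incident XML export actually contains.
SAMPLE_EXPORT = """
<incidents>
  <incident id="1001" created="2012-09-17T09:00:00">
    <history>
      <entry time="2012-09-17T10:30:00" user="analyst1" status="Dismissed"/>
    </history>
  </incident>
  <incident id="1002" created="2012-09-17T09:15:00">
    <history>
      <entry time="2012-09-19T08:00:00" user="analyst2" status="Resolved"/>
      <entry time="2012-09-18T16:15:00" user="analyst2" status="Escalated"/>
    </history>
  </incident>
  <incident id="1003" created="2012-09-18T08:00:00"><history/></incident>
</incidents>
"""

def triage_delays(xml_text, sla, as_of, initial_status="New"):
    """Return one row per incident: who first moved it out of the initial
    status, how long that took, and whether the SLA was breached."""
    rows = []
    for inc in ET.fromstring(xml_text).iter("incident"):
        created = datetime.fromisoformat(inc.get("created"))
        # Sort status changes by time; do not rely on the order in the export.
        changes = sorted(
            ((datetime.fromisoformat(e.get("time")), e.get("user"), e.get("status"))
             for e in inc.iter("entry")
             if e.get("status") not in (None, initial_status)),
            key=lambda c: c[0],
        )
        if changes:
            when, user, status = changes[0]
            delay = when - created
        else:
            # Still untouched: age it against the report time so it is not hidden.
            user, status, delay = None, initial_status, as_of - created
        rows.append({"id": inc.get("id"), "user": user, "status": status,
                     "delay": delay, "breached": delay > sla})
    return rows

if __name__ == "__main__":
    for r in triage_delays(SAMPLE_EXPORT, timedelta(hours=24), datetime(2012, 9, 19, 12)):
        print(r["id"], r["user"], r["status"], r["delay"], "BREACH" if r["breached"] else "ok")
```

Incidents that never left the initial status are aged against the `as_of` report time, so an untouched backlog shows up as a breach rather than disappearing from the SLA figures.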



  • 4.  RE: Finding the date of status change in the DLP incident report

    Posted Sep 20, 2012 08:13 AM

    Hi Gavin,

    It is very easy to see the details which you wanted to see. As I understand it, you wanted to see the date/time when the status of the incident was changed. You can see the same in the History tab of the incident snapshot details. I have also attached the snapshot for your easy understanding.

     

    Regards

    Kishorilal



  • 5.  RE: Finding the date of status change in the DLP incident report

    Posted Sep 23, 2012 08:59 PM

    Hi all, thanks for your advice. It was helpful and I managed to harvest the info I needed dearly. Stephane, may I know what external script you used to process the xml script? Would it be possible to share? Much appreciated. Have a nice day ahead, folks :)

    Cheers,

    Gavin



  • 6.  RE: Finding the date of status change in the DLP incident report

    Posted Sep 23, 2012 09:56 PM

    Hi Stephane, possible to share the external script? Many thanks.



  • 7.  RE: Finding the date of status change in the DLP incident report

    Trusted Advisor
    Posted Sep 24, 2012 02:18 PM

    Gavin,

     The script was made by myself for a French bank and I cannot share it with you (as it will be detected as a leakage by DLP). Sorry.