Using Symantec DLP Prevent 12.5 (Enforce and Detect Servers)
We are using GMail as the corporate email.
We created a policy to detect Productivity documents. The rule is set to check "Message Attachment or File Type Match".
When an incident is created, it does show that the URL is https://mail.google.com/mail/u/0/, but doesn't show the recipient of the email.
We want to know the recipient to validate if the email was sent internally or to an external entity.
It looks like the policy only look in the attachment of the message, not the envelope, so it doesn't show the recipient. The option to include the envelope is dimmed for this policy.
What am I doing wrong here?