Data Loss Prevention

  • 1.  Having trouble locating incidents

    Posted Sep 16, 2015 10:08 AM

    So it appears I have a user that has not had their laptop on the network for a while to connect to the Endpoint server, and all of a sudden it is flooding DLP with incidents. I have checked over all of my incidents and I cannot locate who or what system is generating the incidents.

    So, I see incidents coming in right now that occurred on a different date. Is there any way I can see what incidents are coming in now, even if they occurred on a different date, without knowing the exact date?



  • 2.  RE: Having trouble locating incidents
    Best Answer

    Posted Sep 16, 2015 10:36 AM

    Hi,

     

    You can set a report based on:

    • Status -> Equals -> New
    • Date: All Dates
    • Advanced Filters & Summarization
      • Summarize By: Week, month, etc (whatever suits your needs) + User Name / Machine ID / IP (...)

     

    This is just a possibility to "isolate" incidents and you can "play" with variables you want.

     

    Regards.


  • 3.  RE: Having trouble locating incidents

    Trusted Advisor
    Posted Sep 16, 2015 07:43 PM

    If you can find one of the new incidents, you can click on the endpoint name and get a report of all of the incidents associated with that Endpoint.

    You can also do the same thing with a custom report of the 'machine name'.

    Good Luck, 

    Ronak

     

     



  • 4.  RE: Having trouble locating incidents

    Posted Sep 21, 2015 03:21 AM

    Hello Mike,

    Did you try to use this filter: Incident Reported on?

    Incident-EP-filter.png

    Regards.

    Thomas