Data Loss Prevention

 View Only
  • 1.  incident reports on emails

    Posted Jun 16, 2013 10:21 AM

    Hi

     

    Why there is no way to summarize incident reports based on recipients?? In general, reporting in DLP sucks, is there any better way to extract information from DLP?



  • 2.  RE: incident reports on emails

    Broadcom Employee
    Posted Jun 16, 2013 10:44 AM

    can you please let the incident report you looking for?

    what is the informatin you are looking for?

     



  • 3.  RE: incident reports on emails

    Posted Jun 16, 2013 11:00 AM

    Hi Pete,

    I created a policy to monitor all emails. I want to have a report containing list of all emails summerized by users. But I need to have recipents column. I hope I made myself clear.



  • 4.  RE: incident reports on emails

    Trusted Advisor
    Posted Jun 17, 2013 02:10 AM

    Hi reza,

     You cannot summerize by recipient in DLP (but you can do it by recipient domain). You can try to use "IT analytics" solution (not sure you will be able to do that) or do it on your own via a CSV export of all your incident and then a processing of this export via excel or any other tool.

     I used to do lot of scripting a part of DLP in order to perform some report as DLP by itself does not have a very efficient reporting capabilities even if information are available in the tool.

     Regards.



  • 5.  RE: incident reports on emails

    Posted Jun 17, 2013 02:29 AM

    Hi Stephane,

    Summerizing by domain is enough, but where is it? All I can see is:

    dlp summarize.png



  • 6.  RE: incident reports on emails

    Trusted Advisor
    Posted Jun 17, 2013 02:43 AM

    Hi

     oups, summarizing by domain is available for network incident but not for endpoint. So you will have to use incident export to get this information as this information si available in CSV export (it has to be processed cause you will have all recipients in same field).

     Regards



  • 7.  RE: incident reports on emails
    Best Answer

    Posted Jun 17, 2013 09:15 AM

    Hi Reza,

    U can summarize by recipient as per below

    Incident Tab->All Reports>Networks

    see the attached snapshot and also u can do this using customising reports as below

     



  • 8.  RE: incident reports on emails

    Posted Jun 17, 2013 09:40 AM

    Ok,

    but this is a network report, the actual incidents are releated to endpoints (emails users sent with their smtp clients). Is there anyway (rather than exporting to CSV!) to get that report?

    Meanwhile I'm trying toinstall/understand this analytics add-on...



  • 9.  RE: incident reports on emails

    Posted Jun 18, 2013 08:55 AM

    Hi Reza,

    Endpoint will not give above domainwise reports and if u are looking for mail recipient domainwise then ultimately if mail sent throgh Endpoint to networks (smtp) can give u such reports. there is no meaning at endpoint for recipient untill it sent out so consider the network reports for domain wise recipient.

    I hope you will agree with this.



  • 10.  RE: incident reports on emails

    Posted Jul 09, 2013 10:58 AM

    Reza,

    If you haven't, open a support case and make an Enhancement Request.  Yes, I know it isn't going to help you in the short run. But ya never know until you ask. :)

    JGT