Symantec DLP console should show incidents based on "Reported On" instead of "Occured On"
Well I am bringing this highly critical issue to notice of Product Management Team.
While DLP does a fantastic job in identifying the incidents and reporting to Enforce server, the console has a limitation because of sorting with "Reported On".
In my environment, consultants frequently go for business visits for 4-12 weeks carrying their laptops. When they are back, all incidents raised from that particular laptop during there onsite visit are reported to Enforce server but because console sorts incidents based on "Reported On" time stamp, the new incidents go and creep in to 250th page or 300th page on console for example. This poses a serious security threat, where in incidents creep into the back dated pages. This way DLP Admins never come to know about new incidents which does not show up on the 1st page of console. I strongly believe any new incident has to come up at top of the 1st page.
Solution: Console UI should be sorted based on "Reported On" or "Incident ID". Advantage will be any new incident reported to server, irrespective of date occured will come up on 1st page as soon as we login to DLP console
If you are willing to see demonstration of this issue, how it is a nightmare in production or understand gravity of it, feel free to reach me.
Overall Product works wonderfully and I AM A HAPPY CUSTOMER.