Viewing incident details
To view incident details:
- In the Management Console tree, select the Incidents node.
A table with a list of incidents appears in the workspace.
- Select the incident you need in the list and click the View button. You can also perform this operation using the context menu.
The Incident details window with detailed information about the selected incident opens. You can switch between incidents in the list by clicking the Previous and Next buttons.
The window contains the following details about the incident:
- No. A sequential number assigned to an incident when it is created.
- Subject. The content of the "Subject" field of the message that caused the application to generate an incident during scanning.
- Recipients. Addresses of all recipients specified in the "To", "CC", and "BCC" fields in the header of the message that caused the application to generate an incident during scanning.
- Sender. The content of the "From" field of the message that caused the application to generate an incident during scanning.
- Sender's manager. The name of the account of the sender's manager. If information about the manager's account is unavailable, the field contains the “n/a” value.
- Policy. The name of the policy that was violated and based on which the incident has been generated.
- Category. The name of the data category based on which the incident has been generated.
- Action. The action performed on the message (Skipped, Deleted). The action to be taken on the message is specified in the policy.
- Created. The date and time of incident generation. Displayed in the format defined in the regional settings of the computer.
- Priority. The priority assigned to the incident when it was generated (Low, Medium or High). The priority reflects the urgency with which the incident has to be processed. The priority is assigned based on the value specified in the settings of the policy that has been violated.
- Status. Incident status. The incident status reflects the stage of incident processing. For example: New – the incident has been generated but has not been processed yet; Closed (processed) – the incident investigation has been completed, and the required actions have been taken.
- Violations. The number of message text fragments that caused a policy violation.
- Violation context. Fragments of text with data that caused a policy violation. Keywords or table data in each fragment are highlighted in red. The context helps to speed up incident processing.
When you point the mouse pointer on a text fragment that indicates a violation, a tooltip with the name of the data subcategory appears next to the pointer (see the figure below). A subcategory is a nested, embedded data category included in a larger category. The subcategory name helps to define more accurately the area of the category to which data belongs.
The subcategory name is displayed in a pop-up hint