A sequential number assigned to an incident when it is created.

Go to the previous incident on the list.

Go to the next incident on the list.

Clicking this button opens a menu with the following items:

• Save message. Selecting this item opens a window. This window lets you save to your hard drive a copy of the message that caused the incident. This item is active when a message copy is attached to the incident.
• Send incident to yourself. If you select this item, the application sends the incident's details to the email address specified in your account. If no mailbox is specified for your account (or the specified mailbox cannot be accessed), an error message is displayed.
• Copy Message ID to clipboard. If you select this item, the ID of the message that has initiated the incident will be copied to the clipboard. The message ID corresponds to the value of the "Message ID" field in the message header.
• Copy data to clipboard. If you select this item, the incident's details will be copied to the clipboard. Details are copied to the clipboard as plain text.

The value of the "Subject" field specified in the header of the message that caused the incident.

Addresses of all recipients specified in the "To", "CC", and "BCC" fields in the header of the message that caused the incident.

Information about the sender of the message that caused the incident. This field shows the name of the account and email address of the sender. In some cases, the field may show only the email address.

This field is an active link that you can use to send a policy violation notification to the message sender.

The name of the account of the sender's manager. If information about the manager's account is unavailable, the field contains the “n/a” value.

The name of the policy that was violated and based on which the incident has been generated.

The name of the DLP category based on which the incident has been generated.

The action performed on the message (Skipped, Deleted). The action to be taken on the message is specified in the policy settings.

The date and time of incident generation. Displayed in the format defined in the regional settings of the computer.

The incident priority level (Low, Medium, High). The priority reflects the urgency with which the incident has to be processed. The priority is configured in the policy settings.

Incident status: New, In progress, Closed (processed), Closed (false positive), Closed (not an incident), Closed (other). It reflects the stage of incident processing. For example: New – the incident has been generated but has not been processed yet; Closed (processed) – the incident investigation has been completed, and the required actions have been taken.

Clicking this button opens a window. In this window you can edit the incident status and add a comment to the incident.

The number of message fragments that caused a policy violation.

Fragments of text with data that caused a policy violation. Keywords or table data in each fragment are highlighted in red. The context helps to speed up incident processing.