The "Incidents by policies" report may contain confidential data in its Subject field. When handling reports of this type, follow the nondisclosure regulations of the organization.
The detailed "Incidents by policies" report contains a detailed list of incidents generated over a specific period of time. This report reflects the activity of users who handle confidential data.
The report header contains the following data:
Report name. "Incidents by policies" Report.
<Date>. Report generation date.
<Time>. Report generation time.
Number of incidents. The number of incidents covered by the report.
Over period. Time interval covered in the report.
For statuses. List of statuses assigned to incidents that are included in the report.
By users and groups. List of user accounts and/or user groups. The report includes incidents generated while scanning messages originating from the enumerated users. If the list includes a group, the report covers incidents caused by all users belonging to this group and to all subgroups.
By categories and policies. List of categories and policies. The report includes incidents generated based on these categories and policies. If the value of the field is "All categories and policies", the report also covers incidents that were generated based on removed categories and policies.
Tables with lists of incidents grouped by violated policies are shown below. A separate report table is devoted to each policy. Tables show the following incident details:
No. A sequential number assigned to an incident when it is created.
Status. Incident status. Incident status reflects the stage of incident processing. For example: New – the incident has been generated but has not been processed yet; Closed (processed) – the incident investigation has been completed, and the required actions have been taken.
Violations. The number of message text fragments that caused a policy violation.
Sender. The content of the "From" field of the message that caused the application to generate an incident during scanning.
Manager. The name of the account of the sender's manager. If information about the manager's account is unavailable, the field contains the "n/a" value.
Created. The date and time of incident generation. Displayed in the format defined in the regional settings of the computer.
Recipients. Addresses of all recipients specified in the "To", "CC", and "BCC" fields in the header of the message that caused the application to generate an incident during scanning.
Subject. The content of the "Subject" field of the message that caused the application to generate an incident during scanning.
Message ID. Unique ID of the message. The content of the "Message-ID" field of the message header.
Action. The action performed on the message (Skipped, Deleted). The action to be performed on the message is specified in the settings of the policy that has been violated.
Table rows are sorted according to the value of the Sort data by columns setting specified in the report settings or the report generation task settings.
The report can contain information about a maximum of 50,000 incidents.