Data Loss Prevention Event Logs
- Click 'Logs' in the CCS menu bar
- Select
'Data Loss Prevention Events’ in the drop-down at top-left
The logs show items flagged by data loss prevention scans and monitoring events:
- Date & Time - When the event occurred.
- Target - The item affected by the rule.
- DLP Monitoring event – Shows the type of external storage device to which the data transfer attempt was made
- DLP Discovery event – Shows the file path of the identified file
- Rule Name - The DLP rule that found the target item. This could be a DLP discovery rule or a monitoring rule.
- Rule Type – Whether rule is a DLP discovery rule or a removable storage rule
- Action - How the file was handled in the DLP event. The possible values are:
- Ignore
- Quarantine
- Restore from quarantine
- Delete from quarantine
- Blocked
- Status – Shows whether the rule executed successfully or not
- Details – The specifics of the data found.
- DLP monitoring rule – Shows the removable storage device affected by the rule.
- DLP Discovery rule - Has a ‘Show details’ link which opens the specifics of the event. See View file details for more details.
Advanced
Filter – Search the logs by file location, rule or action.
Filter by
Date and Time – Search
for logs generated within
a specific time-frame.
Open log
file - Browse to and view a saved log file.
Cleanup
log file - Delete the selected event log.
Export - Save the logs as a HTML file. You can also right-click inside the
log viewer and choose 'Export'.
Refresh - Reload the current list to show the latest logs.
- Click the 'Show details' column shows different information depending on the type of DLP event:
- The screen shows the name of the file, and the rule/pattern which discovered sensitive data in the file.
- The ‘match’ column shows the first and last characters of the actual discovered data. The option to show this should be enabled in the discovery rule.