Data Loss Prevention Report

Data violations detected through the Real Time and SaaS API rules are logged as part of the unified Events view of the Data Loss Prevention Report.

The Data Loss Prevention reports window includes these tabs:

• Events
• Discovery

Note: Administrators with De-identification enabled will continue to see identifiable information in the Data Loss Prevention Report.

Prerequisites

• A minimum user role of Read-only. For more information, see Manage Accounts.

Events

1. Navigate to Monitor > Reports > Data Loss Prevention.

2. Select a time frame to view reports generated in a specific date range. You can also choose
3. From the Events tab, select a time frame to view reports generated in a specific date range. You can also choose a custom date range
4. Use the available Filters for better search results:
   • Event Type – Whether the event is Real Time or SaaS API.
   • Action – Whether the content is monitored, quarantined, or blocked
   • Severity – The severity of the rule that triggered the event.
   • Application – Application for which the DLP rule is applied.
   • Exposure – Exposure of the content scanned.

4. Click the gear icon to customize and sort the columns of your report.
   • Event Type – Whether the event is Real Time or SaaS API.
   • Severity –The severity of the rule that triggered the event.
   • Identity or File Owner –The identity that made the request.
   • Name – The name of the file where a classification match was found. When content is found in a message or a post, the File name displays Content.
   • Destination – The destination where the content was scanned.
   • Rule – The rule that triggered the event.
   • Action – Action triggered by the rule on detecting a violation.
   • Detected – The date and time of detection.

5. Click the action menu icon (three dots) to view further details of an event.

View Details

1. Click View details.

2. The Event Details window displays some of the same content as the report table, with additional information:
   • Application–The application where the file was uploaded or posted.
   • Destination URL–The URL of the destination for the event.
   • Rule Triggered–The rule that triggered the event.
   • Classification–The classification that matched the content found in the event. Clicking the caret displays the excerpts where the matches were found.
   • SHA256 Hash-The unique SHA256 hash for the file.

Discovery

1. Use Filters to filter the data by Application , Last Modified, and Exposure.

2. Choose a Scan from the drop-down. Click Apply to view the details.
   Note: Up to 10 recent scans are displayed. The next triggered Discovery Scan removes the oldest scan results in the list.

3. If there is an ongoing scan, the results are displayed. Click Cancel Scan to stop the ongoing scan.

4. Click the action menu icon (three dots) to view further details of a file.

---

Cloud Malware Report < Data Loss Prevention Report > Admin Audit Log Report