Focused View for Policy Incidents
Limited Availability: Focused View and Default View for Policy Incidents are Limited Availability features. To enable Focused View and Default View for Policy Incidents, contact Skyhigh Support. |
Skyhigh provides a focused view for easy and quick visibility into all the critical sanctioned DLP policy incidents on the Policy Incidents page (found under Incidents > Policy Incidents > Views > Focused View). It is a unified list of the most vulnerable policy incidents within your organization. The focused view automatically displays incidents based on pre-configured filters such as incident status (new, opened).
This simplified and automated view enables you to gain insights into the relevant policy incidents and perform additional forensics on the generated incidents. You can use the focused view to detect, analyze, and mitigate important policy violations proactively. This predefined view also allows you to monitor and manage policy violations efficiently.
NOTE: You can set the focused view as your preferred view for the Policy Incidents page. For details, see Select a Default View for Policy Incidents.
- ► Advantages of Focused View
-
Security Operations Center (SOC) administrators can leverage the following benefits of the Focused View:
- Automatic Incident Prioritization. Automatically highlights high-priority incidents that can be potential threats or anomalies.
- Rapid Incident Response. Quicker response time for vulnerable incidents, such as the latest and unresolved incidents.
- Reduced Noise. Minimizes the volume of irrelevant incidents, such as old and resolved incidents in the incident list.
- Actionable Insights. Provides actionable insights to accelerate the incident remediation process, such as blocking access, quarantining files, or notifying users.
- Enhanced User Experience. Set the focused view as your preferred view for the Policy Incidents page.
- Trends and Analytics. Includes visualizations of priority DLP incidents to monitor trends or patterns in policy breaches over time.
- Streamlined DLP Administration. Streamlines DLP management by reducing fatigue, investigation time, and costs in SOC operations.
- Compliance Adherence. Ensures compliance with data privacy regulations and industry standards.
For example, a Security Operations Center (SOC) administrator may want to investigate only critical DLP incidents. To achieve this use case, the SOC admin can select Focused View under the Views tab on the Policy Incidents page. This enables admins to discover critical policy incidents and perform additional forensics on the generated incidents.