DLP Policy Incident Statuses
DLP Policy incidents are given one of the following workflow statuses:
- Archived: The violation has been archived and removed from the table. (Archived policy violations do not appear in table results unless you explicitly filter for them in the Omnibar.)
- False Positive: The violation has been investigated and determined to not be a legitimate violation.
- New: The violation has not yet been acted on.
- Opened: The violation is currently under investigation.
- Resolved: The violation has been investigated and dealt with per your internal policy.
- Suppressed: The violation has been found to be a duplicate of a previously generated violation. For details, see Policy Incident De-Duplication.
What happens if more than one policy is violated by a document?
If a document violates more than one policy, an incident is created for each violation. However, the response to the document reflects the more restrictive policy.
For example, let's say a file violates two policies: a Credit Card Number policy and a Metadata policy. Because the Credit Card Number policy is more restrictive and leads to a Quarantined action, the file is quarantined for both policies. Two separate incidents are created, but one action is taken.
For details, see Response Action Precedence.