Skip to main content

Check out Interactive Visual Stories to gain hands-on experience with the SSE product features. Click here.

Skyhigh Security

Shadow/Web DLP Incident Cloud Card

Limited Availability: ML Auto Classifiers is an advanced DLP capability that requires additional entitlement. Contact Skyhigh Support or your account manager for assistance.

To learn more about the Policy Incidents page, see Policy Incidents Page.

On the Policy Incidents page > Incident Type filter, select the Shadow/Web DLP policy incident and click any incident on the table to view the Shadow/Web DLP Policy Incident Cloud Card. 

clipboard_ebdc4c4d4606d157d7b008c8c2998145b.png

Shadow/Web DLP Policy Incident Cloud Card Components

The Shadow/Web DLP Policy Incident Cloud Card provides the following information:

  • ID
  • Severity
  • Incident Created On
  • Last Response
  • Last Updated
  • Service Name
  • User
  • Owner. Select to assign an owner. 
  • Incident Status. Select to assign an Incident Status. 
  • Resolution Action. Select to assign a Resolution Action. Custom Resolution Actions can be assigned on the Policy > Policy Settings > Incident Management tab. 
  • URL Details 
    • Destination URL
  • Device Information 
    • Device IP
  • Classifications. Number and names of the classifications that triggered the incident. 
  • ML Auto Classifiers. Provides details on the matches triggered for various ML Auto Classifiers. For details, see ML Auto Classifiers.
    • ML Classifier. Displays the matches triggered for various ML Auto Classifiers based on Skyhigh predefined ML Auto Classifiers.
    • Confidence. Displays the confidence percentage triggered for various ML Auto Classifiers based on Skyhigh predefined ML Auto Classifiers. The confidence percentage indicates the likelihood that the file belongs to a specific file category. The minimum threshold for triggering a ML Auto Classifier match is 50%, except for source code files, which have a higher threshold.
  • Evidence and Content match. Click the box arrows to open the details dialog. Item details such as Properties, Content Matches, and Metadata Matches are displayed on separate tabs. The content and content metadata matches that violate any policy are listed in the Content and Metadata Matches tabs along with the evidence file in the Properties tab. 
    • Item Name. Evidence file that violated the policy. If a link is available, you can click to download it. For details, see Download DLP Evidence.
    • Size
    • Item Type
    • Content Matches Found. Allows you to find matches on content and content metadata such as author name, subject, and comments. Click the box arrows to open the details dialog. For details see Enable Match Highlighting. Contact Support for more information.
      Shadow&Web DLP Incident Cloud Card 2.png
  • Notes. Enter a note for the incident and click Add. Each note added is visible separately below the Notes field. For notes that you have added, you can Edit or Delete them. For notes written by other users, you might only view them. The default limitation is 10 notes per incident and 300 characters per note. To use the Incident Notes feature, you must use your own Data Storage. You can't use Skyhigh CASB Data Storage. For details about configuration, see Data Storage
  • Was this article helpful?