Skip to main content
Skyhigh Security

Shadow/Web DLP Incidents

Skyhigh CASB provides a unified Policy Incidents view to discover, manage, and remediate all policy incidents in one place. 

To view incidents discovered by your Shadow/Web DLP Policies:

  1. Go to Incidents > Policy Incidents page.
  2. In the Filters tab, select Incident Type > Shadow/Web DLP
    clipboard_e5d1c99acad86901420cde6e98880a1bb.png

The Policy Incidents page provides the following information and actions:

  • Search.  Search via the Omnibar. You can search for multiple incident IDs by entering a comma-separated query in Omnibar.
  • Filters. Select options on the Filters tab to scope down your search. 
  • Views. Select the Views tab to use Saved Views created by you or shared with you by another user to reuse specified search parameters from a previous search on current data. 
  • Date Picker. Use the Date Picker to select a preset or custom date range in order to display data from only this date range.
  • Save View. Click to create a Saved View from your search query. 
  • Actions. Click Actions to:
    • Change Owner
    • Change Status
    • Delete Incidents. Select the checkbox(es) for incidents you want to delete. Then click Delete in the confirmation dialog. This action cannot be undone. Large requests may take a few moments to process.
    • Download CSV. Click to export violations as a CSV file. The download begins immediately.

      NOTE: The columns in the CSV file reflect the columns in the table as displayed, but additional columns are included at the end by default. If the default columns match those displayed, those columns precede in the CSV file, followed by the remaining default columns.

    • Select Response
    • Create Report
      • Business Report (PDF). Create a PDF report and run it immediately, which then appears in the Report Manager
      • CSV. Create a CSV report and run it immediately, which then appears in the Report Manager
      • XLS.  Create an XLS report and run it immediately, which then appears in the Report Manager
      • Schedule. Schedule a report to run at a later time, which then appears in the Report Manager
    • Settings
      • Edit Table Columns. You can edit table columns and save your changes as a Saved View

Shadow/Web DLP Incidents Behaviour

  • In the Sanctioned/Shadow DLP policies, if multiple policies are matched, multiple incidents are generated on the Policy Incidents page.
  • In the Web DLP Policies, if multiple policies are matched, only one incident is generated on the Policy Incidents page. This incident provides the details of all the matched policies, and no additional incidents are created.

For full details on Policy Incidents Table View and Chart View, see Policy Incidents Page

  • Was this article helpful?