Skip to main content

Check out Interactive Visual Stories to gain hands-on experience with the SSE product features. Click here.

Skyhigh Security

Shadow/Web DLP Incidents

  1. Last updated
  2. Save as PDF

Skyhigh CASB provides a unified Policy Incidents view to discover, manage, and remediate all policy incidents in one place. 

To view incidents discovered by your Shadow/Web DLP Policies:

  1. Go to Incidents > Policy Incidents page.
  2. In the Filters tab, select Incident Type > Shadow/Web DLP
    clipboard_e5d1c99acad86901420cde6e98880a1bb.png

The Policy Incidents page provides the following information and actions:

  • Search.  Search via the Omnibar. You can search for multiple incident IDs by entering a comma-separated query in Omnibar.
  • Filters. Select options on the Filters tab to scope down your search. 
  • Views. Select the Views tab to use Saved Views created by you or shared with you by another user to reuse specified search parameters from a previous search on current data. 
  • Date Picker. Use the Date Picker to select a preset or custom date range in order to display data from only this date range.

NOTE: The data is retained for 100 days and displayed accordingly, but the date picker allows you to select only a 30-day range. You can change the range to view data for another 30-day period or any custom range (within 30 days).

 

  • Save View. Click to create a Saved View from your search query. 
  • Actions. Click Actions to:
    • Change Owner
    • Change Status
    • Delete Incidents. Select the checkbox(es) for incidents you want to delete. Then click Delete in the confirmation dialog. This action cannot be undone. Large requests may take a few moments to process.
    • Download CSV. Click to export violations as a CSV file. The download begins immediately.

      NOTE: The columns in the CSV file reflect the columns in the table as displayed, but additional columns are included at the end by default. If the default columns match those displayed, those columns precede in the CSV file, followed by the remaining default columns.

    • Select Response
    • Create Report
      • Business Report (PDF). Create a PDF report and run it immediately, which then appears in the Report Manager
      • CSV. Create a CSV report and run it immediately, which then appears in the Report Manager
      • XLS.  Create an XLS report and run it immediately, which then appears in the Report Manager
      • Schedule. Schedule a report to run at a later time, which then appears in the Report Manager
    • Settings
      • Edit Table Columns. You can edit table columns and save your changes as a Saved View

Display and Filter for Classifications on Shadow/Web DLP Incidents

The Classification filter displays a list of various classification names along with the number of incidents linked to each classification. You can select different classifications to filter the Shadow/Web DLP incidents accordingly. This capability allows for the quick identification of classifications that have the highest incident counts. It offers valuable insights into the data that is causing the most classifications, helping the administrator in identifying potential risk areas within the organization.

You can also filter the classification for the Sanctioned DLP incidents. For details, see Sanctioned DLP Incidents.

To filter Classification data for Shadow/Web DLP Incidents:

  1. On the Policy Incidents page, select the Incident Type filter as Shadow/Web DLP.
  2. Select the Classification filter and choose the required classification from the list to view the associated incidents.

clipboard_e12483f9a549ac0a7fb3929407451bc92.png

  1. Click any Shadow/Web DLP incident on the Incidents table to see the Cloud Card for that incident.
  2. On the Shadow/Web DLP Incident Cloud Card, review the classification details and update the necessary remediation action for your incident. For details, see Shadow/Web DLP Incident Cloud Card.

View Classification Insights on the Dashboard Card for Shadow/Web DLP Incidents

You can create dashboard cards for Classifications directly from the Policy Incidents page by filtering for the specific classification you want to display on the Dashboards page. These cards provide a high-level overview of classification insights and trends, allowing you to visualize data more effectively and make informed decisions.

There are two ways to add a Dashboard Card:

  1. When creating a Saved View on the Policy Incidents page, select the Add Dashboard Card checkbox and add the Classification attribute. To add a Dashboard Card from Saved View, see Create a Saved View.
  2. On your Dashboard, click + Add New Card, then select the Card Type as Incidents to locate the Classification. To add a new card from the Dashboard, see Add a New Card.

clipboard_e842f09d45e32a5eed7ea90f58461ea01.png

Shadow/Web DLP Incidents Behaviour

  • In the Sanctioned/Shadow DLP policies, if multiple policies are matched, multiple incidents are generated on the Policy Incidents page.
  • In the Web DLP Policies, if multiple policies are matched, only one incident is generated on the Policy Incidents page. This incident provides the details of all the matched policies, and no additional incidents are created.

For full details on Policy Incidents Table View and Chart View, see Policy Incidents Page

  1. Back to top
  • Was this article helpful?

Recommended articles

  1. Article type
    Topic
  2. Tags
    This page has no tags.