An action taken when a policy is triggered is a response action. By default, each policy creates an incident that appears in Skyhigh CASB. If an event, message, or document triggers more than one policy, an incident is generated for each corresponding policy. Responses to the document reflect more restrictive policies. For more information, see DLP Policy Incident Statuses.
Response Actions can be conditionally executed depending on the triggered Rule Group's severity.
The Shadow /Web DLP supports the following DLP response actions:
|Incidents are generated by default.
|Block the sensitive data from being exfiltrated.
|Monitor the sensitive data from being exfiltrated.
|Copy of the compromised content associated with your incident can be saved in your data storage. For details, see Save DLP Evidence.