Skip to main content
Skyhigh Security

Shadow/Web DLP Policy Response Actions

An action taken when a policy is triggered is a response action. By default, each policy creates an incident that appears in Skyhigh CASB. If an event, message, or document triggers more than one policy, an incident is generated for each corresponding policy. Responses to the document reflect more restrictive policies. For more information, see DLP Policy Incident Statuses.

Response Actions can be conditionally executed depending on the triggered Rule Group's severity.

The Shadow /Web DLP supports the following DLP response actions:

Action Description
Incident Incidents are generated by default.
Block Block the sensitive data from being exfiltrated.
Monitor Monitor the sensitive data from being exfiltrated.
Save Evidence Copy of the compromised content associated with your incident can be saved in your data storage. For details, see Save DLP Evidence.
  • Was this article helpful?