Data Loss Violations (DLP) Report

The Data Loss Violations (DLP) report shows a summary of data loss violations on your network and the actions taken by Data Loss Prevention.

This report is available when log messages with data for this report exist in the specified time frame. To make sure that your Firebox sends log messages required to generate this report, follow the steps to Enable Logging for this Report.

How to Use this Report

This report can help you to identify how data loss violations occur on your network. Here are some ways to use this report:

  • Select the Activity Trend pivot to see the number of data loss violations allowed, denied, and quarantined compared to the total files scanned.
  • Select the Sender/Source pivot to identify the most common sources of data loss violations on your network.
  • In an audit, use the report data to demonstrate compliance with rules or regulations that require you not to allow sensitive data to leave your network.
  • Use the data in the report to fine-tune your Data Loss Prevention rules. For example, if the Rules pivot shows a large number of allowed violations, you might want to change the actions in some DLP Sensors.

View the Report

This report is available in WatchGuard Cloud and in Dimension.

Pivots

You can use pivots to change the view of the data on the report.

To switch to a different view, select a pivot from the drop-down list above the report.

This report includes these pivots:

Activity Trend

Summary of the traffic scanned by Data Loss Prevention. Data includes the total number of scans, the allowed violations, denied violations, and quarantined violations.

Sender/Source

Summary of the detected violations by the sender or source address.

Recipient/Destination

Summary of the detected violations by the recipient or destination address.

Rules

Summary of the detected violations by rule name.

Detail View

To view a detailed report of all data loss violations detected by DLP, click the View Details link at the top of the report.

The Data Loss Violations (DLP) Detail report includes a row for each connection that included a data violation:

| Column | Description |
|---|---|
| Disposition | The action taken by the Firebox for this traffic, such as Stripped or Allowed. |
| Date-Time | Date and time that the event occurred. |
| Rule Name | Name of the Data Loss Prevention content control rule that the data matched. |
| User | Name of the user who sent the traffic. If authentication is not enabled, None appears in this column. |
| Sender | For SMTP protocol, the email address the email was sent from. |
| Recipient | For SMTP protocol, the email address the email was sent to. |
| Source IP | IP address of the traffic source. |
| Dest IP | IP address of the traffic destination. |
| Protocol | Protocol used to send the traffic. |
| Policy | Name of the Firebox policy that examined the traffic. |
| Violations | Number of data violations. |
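
The tuning step described in How to Use this Report can also be run offline against the detail rows. The following is an added example, not WatchGuard code: it rebuilds the Sender/Source and Rules views from detail rows and flags rules whose violations are mostly allowed. The CSV layout, the rule names, the addresses, and the 0.5 threshold are assumptions made for illustration.

```python
import csv
import io
from collections import Counter, defaultdict

# Constructed sample rows; the header names follow the Detail report columns.
# A CSV export in this layout is an assumption, not a documented format.
SAMPLE_CSV = """Disposition,Date-Time,Rule Name,User,Sender,Recipient,Source IP,Dest IP,Protocol,Policy,Violations
Allowed,2024-05-01 09:12:03,PCI-Card-Numbers,alice,alice@example.com,ext@example.net,10.0.1.15,203.0.113.25,SMTP,SMTP-proxy-out,3
Allowed,2024-05-01 09:40:51,PCI-Card-Numbers,None,,,10.0.1.22,198.51.100.7,HTTP,HTTP-proxy-out,1
Denied,2024-05-01 10:02:17,PCI-Card-Numbers,bob,bob@example.com,ext@example.net,10.0.1.31,203.0.113.25,SMTP,SMTP-proxy-out,2
Quarantined,2024-05-01 11:15:44,US-SSN,alice,alice@example.com,hr@example.org,10.0.1.15,203.0.113.80,SMTP,SMTP-proxy-out,4
Denied,2024-05-01 11:30:09,US-SSN,None,,,10.0.1.22,198.51.100.7,HTTP,HTTP-proxy-out,1
"""


def load_rows(text):
    """Parse detail rows and convert the Violations column to int."""
    rows = list(csv.DictReader(io.StringIO(text)))
    for row in rows:
        row["Violations"] = int(row["Violations"])
    return rows


def pivot(rows, column):
    """Sum violations per value of `column`, split by Disposition."""
    table = defaultdict(Counter)
    for row in rows:
        # Sender is only filled for SMTP, so fall back to Source IP.
        key = row[column] or row["Source IP"]
        table[key][row["Disposition"]] += row["Violations"]
    return table


def rules_to_review(rows, max_allowed_share=0.5):
    """Return rules where Allowed violations exceed the given share."""
    flagged = {}
    for rule, counts in pivot(rows, "Rule Name").items():
        share = counts["Allowed"] / sum(counts.values())
        if share > max_allowed_share:
            flagged[rule] = round(share, 2)
    return flagged


if __name__ == "__main__":
    rows = load_rows(SAMPLE_CSV)
    for source, counts in pivot(rows, "Sender").items():
        print(source, dict(counts))
    print("Review sensor actions for:", rules_to_review(rows))
```

A rule that appears in the flagged result is a candidate for a stricter action in the DLP Sensor that contains it.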

Enable Logging for this Report

To collect the data required for this report:

  • In the General Settings of all proxy actions that use Data Loss Prevention, select Enable logging for reports.
  • In all DLP Sensor Actions, select the Log check box. For more information, see Configure DLP Sensors.

See Also

WatchGuard Cloud Device Reports List