Data Loss Violations (DLP) Report

Applies To: Locally-managed Fireboxes This topic applies to Fireboxes you configure in Policy Manager or Fireware Web UI.

The Data Loss Violations (DLP) report shows a summary of data loss violations on your network and the actions taken by Data Loss Prevention.

This report is available when log messages with data for this report exist in the specified time frame. To make sure that your Firebox sends log messages required to generate this report, follow the steps to Enable Logging for this Report.

How to Use this Report

This report can help you to identify how data loss violations occur on your network. Here are some ways to use this report:

• Select the Activity Trend pivot to see the number of data loss violations allowed, denied, and quarantined compared to the total files scanned.
• Select the Sender/Source pivot to identify the most common sources of data loss violations on your network.
• In an audit, use the report data to demonstrate compliance with rules or regulations that require you not to allow sensitive data to leave your network.
• Use the data on the report to fine tune your Data Loss Prevention rules. For example, if the Rules pivot shows a large number of allowed violations, you might want to change the actions in some DLP Sensors.

View the Report

This report is available in WatchGuard Cloud and in Dimension.

Pivots

You can use pivots to change the view of the data on the report.

To switch to a different view, select a pivot from the drop-down list above the report.

This report includes these pivots:

Activity Trend

Summary of the traffic scanned by Data Loss Prevention. Data includes the total number of scans, the allowed violations, denied violations, and quarantined violations.

Sender/Source

Summary of the detected violations by the sender or source address.

Recipient/Destination

Summary of the detected violations by the recipient or destination address.

Rules

Summary of the detected violations by rule name.

Data Loss Violations (DLP) Report Detail View

To view a detailed report of all data loss violations detected by DLP, click the View Details link at the top of the report.

The Data Loss Violations (DLP) Detail report includes a row for each connection that included a data violation:

Column	Description
Disposition	Action taken by the Firebox for this traffic, such as Stripped or Allowed
Date-Time	Date and time that the event occurred
Rule Name	Name of the Data Loss Prevention content control rule that the data matched
User	Name of the user who sent the traffic If authentication is not enabled, None appears in this column
Sender	For SMTP protocol, the email address the email was sent from
Recipient	For SMTP protocol, the email address the email was sent to
Source IP	IP address of the traffic source
Dest IP	IP address of the traffic destination
Protocol	Protocol used to send the traffic
Policy	Name of the Firebox policy that examined the traffic
Violations	Number of data violations

Enable Logging for this Report

Logging for cloud-managed Fireboxes is automatically enabled. For locally-managed Fireboxes, you must manually enable logging in Fireware Web UI or Policy Manager. For more information, see Set Logging and Notification Preferences.

To collect the data required for this report for locally-managed Fireboxes, in Fireware Web UI or Policy Manager:

• In the General Settings of all proxy actions that use Data Loss Prevention, select Enable logging for reports.
• In all DLP Sensor Actions, select the Log check box. For more information, see Configure DLP Sensors.

Related Topics

WatchGuard Cloud Device Reports List