Cisco Cisco Email Security Appliance X1070 User Guide
18-30
User Guide for AsyncOS 9.8 for Cisco Email Security Appliances
Chapter 18 Data Loss Prevention
Working with DLP Incident Messages and Data
Procedure
Step 1
In the CLI, use the
dlprollback
command.
Step 2
Re-enable the DLP policies used in your mail policies.
Working with DLP Incident Messages and Data
Related Topics
•
•
Troubleshooting Data Loss Prevention
•
RSA Email DLP Fails to Detect Violations in Email Attachments
Problem
When using predefined DLP policies, RSA Email DLP fails to detect violations in email
attachments. This can be caused by the small value of the proximity parameter in the predefined DLP
policies.
policies.
Note
You cannot change the proximity of a predefined DLP policy.
Solution
Create a custom policy and adjust the proximity as required. See
To Do
This
Search for messages containing DLP violations
using criteria such as DLP policy name, violation
severity, and action taken, and view details of
messages found
using criteria such as DLP policy name, violation
severity, and action taken, and view details of
messages found
View or manage messages that have been
quarantined as suspected DLP violations
quarantined as suspected DLP violations
View a summary of DLP incidents
See information about DLP Incident Summary
reports in
reports in
View information about DLP violations
discovered in outgoing mail
discovered in outgoing mail
See information about DLP Incident reports in