Cisco Cisco Email Security Appliance C160 Mode D'Emploi

When the DLP scanning engine detects a potential DLP violation, it calculates a risk factor score that 
represents the likelihood that the instance actually is a DLP violation. The policy compares the risk 
factor score to the Severity Scale defined in that policy in order to determine the severity level (for 
example, Low or Critical.) You specify the action to take for violations at each severity level (except 
Ignore, for which no action is ever taken.) You can adjust the risk factor scores required to reach each 
severity level. 

All policies have a default severity scale. You can adjust this scale for each policy. 

For example, by default, a violation has a severity level of Critical if its risk factor score is between 90 
and 100. However, for violations that match a particular policy, you may want increased sensitivity to 
potential data loss. For this DLP policy, you could change the Critical severity level to any violation with 
a risk factor score between 75 and 100. 

Select Mail Policies > DLP Policy Manager.

Click the name of the policy to edit. 

In the Severity Settings section, click Edit Scale... 

Use the scale’s arrows to adjust the scores for the severity levels. 

Click Done. 

In the Severity Scale table, verify that your scores are as you want them. 

Click Submit. 

If a DLP violation matches more than one of the DLP policies enabled in the outgoing mail policy, only 
the first matching DLP policy in the list is used. 

On the DLP Policy Manager page, click Edit Policy Order.

Click on the row for a policy you want to move and drag it to a new position in the order.