Cisco Cisco Content Security Management Appliance M1070 Mode D'Emploi

With the search form at the bottom of the Internal Users page and the Internal User detail page, you can 
search for a specific internal user (email address). Select whether to exactly match the search text or look 
for items starting with the entered text (for example, starts with “ex” will match 
“example@example.com”).

The Email > Reporting > DLP Incidents (DLP Incident Summary) page shows information on the 
incidents of data loss prevention (DLP) policy violations occurring in outgoing mail. The Email Security 
appliance uses the DLP email policies enabled in the Outgoing Mail Policies table to detect sensitive 
data sent by your users. Every occurrence of an outgoing message violating a DLP policy is reported as 
an incident. 

Using the DLP Incident Summary report, you can answer these kinds of questions:

What type of sensitive data is being sent by your users?

How severe are these DLP incidents?

How many of these messages are being delivered?

How many of these messages are being dropped?

Who is sending these messages?

The DLP Incident Summary page contains two main sections: 

the DLP incident trend graphs summarizing the top DLP incidents by severity (Low, Medium, High, 
Critical) and policy matches, 

the DLP Incident Details listing

A drop-down list that can range from a day to 90 days or a 
custom range. For more information on time ranges and 
customizing this for your needs, see the 

. 

The top DLP incidents listed by severity.

The DLP policies currently enabled for each email appliance’s 
outgoing mail policies are listed in the DLP Incident Details 
interactive table at the bottom of the DLP Incident Summary 
page. Click the name of a DLP policy to view more detailed 
information.