Руководство Пользователя для Cisco Cisco Email Security Appliance C170

18-30

User Guide for AsyncOS 9.8 for Cisco Email Security Appliances

Chapter 18 Data Loss Prevention

Working with DLP Incident Messages and Data

Procedure

Step 1

In the CLI, use the

dlprollback

command.

Step 2

Re-enable the DLP policies used in your mail policies.

Working with DLP Incident Messages and Data

Related Topics

•

Showing or Hiding Sensitive DLP Data in Message Tracking, page 18-27

•

Controlling Access to Sensitive Information in Message Tracking, page 33-5

Troubleshooting Data Loss Prevention

•

RSA Email DLP Fails to Detect Violations in Email Attachments, page 18-30

RSA Email DLP Fails to Detect Violations in Email Attachments

Problem

When using predefined DLP policies, RSA Email DLP fails to detect violations in email

attachments. This can be caused by the small value of the proximity parameter in the predefined DLP
policies.

Note

You cannot change the proximity of a predefined DLP policy.

Solution

Create a custom policy and adjust the proximity as required. See

Creating a Custom DLP Policy

(Advanced), page 18-8

To Do

This

Search for messages containing DLP violations
using criteria such as DLP policy name, violation
severity, and action taken, and view details of
messages found

See

Chapter 30, “Tracking Messages.”

View or manage messages that have been
quarantined as suspected DLP violations

See

Working with Messages in Policy, Virus, or

Outbreak Quarantines, page 31-10

View a summary of DLP incidents

See information about DLP Incident Summary
reports in

Chapter 28, “Using Email Security

Monitor.”

View information about DLP violations
discovered in outgoing mail

See information about DLP Incident reports in

Chapter 28, “Using Email Security Monitor.”