cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Highlighted

Duplicate DLP incidents while exporting using Query

Hi,

Can someone sort out my issue with respect to Duplicate DLP incidents. When i checked DLP incident count of Email protection in DLP incident manager, it shows around 400 for past 24 hours. But when i exporting the DLP incident dump for email protection for past 24 hours, it gives around 30000 incidents.

After checking the incident dump, i got to know that Incident ID's are duplicate but evidence file different. I know its little confusing right, checked one incident ID in which user has sent around 20 attachment beacuse of this i'm getting huge number of duplicate incidents for one incident.

 

i would be more helpful if someone will solve my issue.

2 Replies
Highlighted
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 2 of 3

Re: Duplicate DLP incidents while exporting using Query

Not sure if you have the answer by now. However I am not seeing it as an issue rather per design. If you can please attach some screenshots, it will help me to answer it in a better way. Also is it a default query or custom query?

Highlighted

Re: Duplicate DLP incidents while exporting using Query

Hi,

It is custom query & created  for email protection incidents details in table format. In DLP incident manager, i could see around 230 incidents are generated for email protection incident type in the time frame of past 24 hours.

Below criteria used for query creation:

DLP(drop down) --> Data in motion DLP incidents/History

Report type : table

Columns : included required fields

Filter : 1. Incident type : Email protection & 2. Occurred endpoint(custom) - is with in last 24 hours

 

While running the query, i am getting around 4500 incidents. Which contains duplicate incident IDs & different evidence files.

 

I hope you got my reported issue. Kindly help me to eliminate the duplicate....

 

You Deserve an Award
Don't forget, when your helpful posts earn a kudos or get accepted as a solution you can unlock perks and badges. Those aren't the only badges, either. How many can you collect? Click here to learn more.

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community