
Duplicate DLP incidents while exporting using Query

Hi,

Can someone sort out my issue with respect to duplicate DLP incidents? When I checked the DLP incident count for Email Protection in DLP Incident Manager, it showed around 400 for the past 24 hours. But when I export the DLP incident dump for email protection for the past 24 hours, it gives around 30000 incidents.

After checking the incident dump, I got to know that the incident IDs are duplicated but the evidence files are different. I know it's a little confusing, right? I checked one incident ID in which the user had sent around 20 attachments; because of this I'm getting a huge number of duplicate incidents for one incident.

 

It would be more helpful if someone could solve my issue.

2 Replies
McAfee Employee DLP_RS

Re: Duplicate DLP incidents while exporting using Query

Not sure if you have the answer by now. However, I am not seeing it as an issue, rather as per design. If you can please attach some screenshots, it will help me to answer it in a better way. Also, is it a default query or a custom query?

Re: Duplicate DLP incidents while exporting using Query

Hi,

It is a custom query, created for email protection incident details in table format. In DLP Incident Manager, I could see around 230 incidents generated for the email protection incident type in the time frame of the past 24 hours.

The criteria below were used for query creation:

DLP(drop down) --> Data in motion DLP incidents/History

Report type : table

Columns : included required fields

Filter : 1. Incident type : Email protection & 2. Occurred endpoint(custom) - is within last 24 hours

 

While running the query, I am getting around 4500 incidents, which contain duplicate incident IDs and different evidence files.

 

I hope you understood my reported issue. Kindly help me to eliminate the duplicates....
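
The thread describes an export in which the same incident ID is repeated once per evidence file. As an added example (not part of the original thread and not McAfee code), this script collapses such a CSV export to one record per incident ID and flags IDs whose rows differ in anything other than the evidence file. The column names `Incident ID` and `Evidence File` and the sample rows are assumptions constructed for illustration.

```python
import csv
import io

# Column names are assumptions; replace them with the headers in your export.
ID_COL = "Incident ID"
EVIDENCE_COL = "Evidence File"

# Constructed sample export: incident 1001 carries three attachments.
SAMPLE_EXPORT = """Incident ID,Occurred,User,Evidence File
1001,2020-01-01 10:00,alice,a.docx
1001,2020-01-01 10:00,alice,b.xlsx
1001,2020-01-01 10:00,alice,c.pdf
1002,2020-01-01 11:30,bob,report.pdf
1003,2020-01-01 12:15,carol,
"""

def collapse_incidents(csv_text, id_col=ID_COL, evidence_col=EVIDENCE_COL):
    """Return {incident_id: record}, gathering each ID's evidence files in a list."""
    reader = csv.DictReader(io.StringIO(csv_text))
    missing = {id_col, evidence_col} - set(reader.fieldnames or [])
    if missing:
        raise ValueError(f"export lacks expected column(s): {sorted(missing)}")
    incidents = {}
    for row in reader:
        incident_id = (row[id_col] or "").strip()
        if not incident_id:
            continue  # skip rows without an incident ID
        evidence = (row[evidence_col] or "").strip()
        fields = {k: v for k, v in row.items() if k != evidence_col}
        rec = incidents.setdefault(
            incident_id,
            {"fields": fields, "evidence": [], "rows": 0, "conflict": False})
        rec["rows"] += 1
        if fields != rec["fields"]:
            rec["conflict"] = True  # same ID, but more than the evidence differs
        if evidence and evidence not in rec["evidence"]:
            rec["evidence"].append(evidence)
    return incidents

def summarize(incidents):
    """Compare the raw row count with the number of distinct incident IDs."""
    return {"export_rows": sum(r["rows"] for r in incidents.values()),
            "unique_incidents": len(incidents),
            "conflicting_ids": sorted(i for i, r in incidents.items() if r["conflict"])}

if __name__ == "__main__":
    result = collapse_incidents(SAMPLE_EXPORT)
    print(summarize(result))
    for incident_id, rec in result.items():
        print(incident_id, len(rec["evidence"]), rec["evidence"])
```

The `unique_incidents` figure is the one to compare against the count shown in the incident manager; a non-empty `conflicting_ids` list means the repeated rows are not explained by evidence files alone.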

 
