While we are successfully pushing attachments and text over to our DLP solution via ICAP, when looking for ICAP statistics to be able to report on this level of traffic versus incidents, the Charts and Tables on the MWG shows absolutely zero traffic. Is there something specific needed in a ruleset to ensure these are getting captured?
Are you talking about the ICAP Traffic Summary dashboards or the DLP Filter Statistics?
For the DLP Statistics charts make sure you have an event for "Statistics.Counter.Increment("BlockedByDLPMatch",1)" set so that the DLP counters get updated and show up in the dashboards.
For the ICAP Traffic Summary, if you don't have anything, it may be that those dashboards are only for the ICAP server function on the gateway.
I also recommend creating a separate ICAP log because much of the standard access.log entries don't produce a result for ICAP related traffic, there are some specific ICAP related properties that you can utilize to build a log line. You can grab ICAP Header information for logging purposes using "Header.ICAP.Request(or response).Get ("Header Name"). If you tag custom headers from your DLP solution you can put those header names in. You can use the connection tracing function (Configuration - Troubleshooting) to take an easy look at the response headers. (Make sure you specify connection tracing for your test machine only and disable when not in use as it's a full transaction trace).