Filter Description
Assigned to The Assigned to filter enables you to filter incidents by the person to
whom they are assigned. Unassigned displays all incidents that have not
been assigned to any administrator. Because filters can be available for all administrators, checking the Assigned to current administrator check
box displays incidents assigned to the administrator who is currently logged onto TRITON - Data Security. Assigned to selected
administrators enables you to select specific administrators whose
assigned incidents you want to display.
Channel The Channel filter enables you to limit which channels’ events are
displayed. Select each channel to be displayed. The list of available channels depends on channels configured in TRITON - Data Security. Content
Classifier Name
The ContentClassifier Name filter enables you to select which specific
content classifiers should be displayed in the incident list. Content
Classifier Type
The ContentClassifier Type filter enables you to select which content
classifier type should be displayed in the incident list (key phrases, dictionaries, etc.)
Date Accessed If you want to see when data in violation of policy was accessed, use this filter, then select the dates and times you want to see. Events relating to the access dates you choose are shown in the report.
You can display events for data that was accessed within the last x days, within a date range, or on exact dates. You can also specify time periods. Date Created If you want to see when a file in violation of policy was created, use this filter, then select the dates and times you want to see. Events relating to the creation dates you choose are shown in the report.
You can display events for data that was created within the last x days, within a date range, or on exact dates. You can also specify time periods. Date Modified If you want to see when a file in violation of policy was modified, use this
filter, then select the dates and times you want to see. Events relating to the modify dates you choose are shown in the report.
You can display events that transpired within the last x days, within a date range, or on exact dates. You can also specify time periods.
Detected by The Detected by filter sets the incident list to display only incidents that
were detected by specific Websense Data Security modules. Select each module of interest. The list of available modules depends on which modules configured on the TRITON - Data Security System Modules page.
Discovery
Task Use this filter to select the discovery tasks to display in the report. Discovery
Type Use this filter to select the type of discovery to display in the report: File System, Endpoint, SharePoint, Database, and/or Exchange. Endpoint Type The Endpoint Type filter enables you to filter incidents according to the
type of endpoint client, e.g. laptop or desktop. Choose the endpoint(s) to display in the right pane.
TRITON - Data Security Help 171 Viewing Incidents and Reports
Event Time This filter allows you to select a time for the events you want to display. For filter properties, select one of the following:
Last xx days - Select this radio button if you want to display events
from the last xx days, then select the number of days from the spinner. Date range - Select this radio button if you want to display events that
transpired in a particular date range, then select the range from the drop-down list. Example: last 24 hours or this week.
Exact dates - Select this radio button if you want to display events that
transpired during a specific period, then select the From and To dates
from the drop-down lists.
Folder This filter allows you to view incidents from a certain folder or folders. Type a valid folder name into the field box, then click Add.
File Name This filter enables you to filter in or out incidents according to their attachments. Click the Display only incidents with attachments or files
radio button to view only incidents with attachments. These attachments can be filtered based on size or file name by checking the Limit files as follows check box. To set the filter to display incidents with with
attachments of a certain size, click the radio button and set a size (in KB). To set the filter to display incidents with specific files, enter the file name (wildcards can be used), and click Add.
File Owner Use this filter to filter incidents by file owner. Type a valid owner name into the field box, then click Add.
Folder Owner Use this filter to filter incidents by folder owner. Type a valid owner name into the field box, then click Add.
File
Permissions Use this filter to filter incidents by file permissions. Type a valid permission into the field box, then click Add. The values depend on the
permissions of the file system the crawler scans.
File Size Use this filter to filter incidents by file size, then choose the size of the file to include in the report.
Host Name Use Host Name to filter incidents by the host on which they were detected.
Type a valid host name into the field box, then click Add.
Ignored
Incident Thedefault, ignored incidents are filtered out of all reports. Ignored Incident filter lets you filter in or out ignored incidents. By Incident Tag Incident Tags enable setting a free text tag that can link incidents gathered
in TRITON - Data Security to external applications that gives tags (free text) to each incident. It also enables filtering per these tags.
Incident Time This filter lets you filter incidents by time. Use it to select the time for the events you want to display.
IP Address Use IP Address to filter incidents by the host on which they were detected.
Type a valid IP address into the field box, then click Add.
Locked Use this filter to include or exclude files that are locked for update. Mailbox Type This filter applies only to Exchange discovery. Select Private mailbox if
you want to display incidents from private mailboxes. Select Public mailbox if you want to display incidents from public mailboxes. You can
select both if desired.
Viewing Incidents and Reports
172 Websense Data Security