1. Select the columns to display in the table for this report. The options vary depending on whether this is a Data Usage report or a Data Discovery report.
2. Use the arrows to indicate the order of the columns.
3. Adjust the width as desired.
4. Specify the maximum number of incidents to display on any one page.
5. Select Sort by if you want to sort the view data by one of the columns you selected, then choose the column from the drop-down list.
6. Indicate if you want to sort by ascending or descending values.

| Filter | Description |
|---|---|
| Max Matches | The Maximum Matches filter allows you to filter according to the rule that triggers the most matches. For example, if rules A, B, and C trigger incidents in MyPolicy, the one that has the most matches would be included. |
| Policy | Use the check boxes provided to set which policy’s incidents are displayed in the incident list. |
| Severity | Use this filter to select the severity of incidents to display. Select High if you want to display incidents of high severity, and so on. Select as many severity levels as desired. |
| Status | The Status filter enables you to select, by status, which incidents are displayed in the incident list. |
| Total Size | This filter enables you to select the size of incidents to display. You can display incidents greater than a certain number of KB, or between x KB and y KB. |
| Violation Triggers | The Violation Triggers filter enables you to select which incident triggers to display in the incident list. In the field, enter the list of violation triggers to be displayed, separated by commas. |

TRITON - Data Security Help 173 Viewing Incidents and Reports
Data Usage report

| Column | Description |
|---|---|
| Action | The action taken on the incident, as determined by the action plan. Actions include: Release Content - Release quarantined content to recipients; Assigned Incident - Changed incident assignment from Unassigned to administrator. Changed incident assignment from administrator to Unassigned; Ignored Incidents - Marked incident as ignored; Ignored Incidents unmark - Ignored status is removed from incident; Change Status - Changed incident status from New to In Process or from In Process to Closed; Change Sensitivity - Changed incident sensitivity; Execute Command - Executed remediation script. |
| Analyzed by | Displays the name of the server component that analyzed the incident. |
| Assigned to | Either Unassigned or the name of the administrator assigned to handle this incident. (See Assigning incidents, page 185.) |
| Channel | The channel where the incident occurred. Possible channels include: Email, Web, FTP, Endpoint application, Endpoint printing, Network printing. |
| Destination | The intended destination of the content that violated policy. |
| Details | The details listed in the forensics Properties tab. Shows the subject in an SMTP incident, the URL in a Web incident, etc. |
| Detected by | Displays the name of the Websense Data Security device or component that detected this incident. |
| Endpoint type | The type of endpoint involved in the incident: PC, laptop, etc. |
| Event ID | The ID number assigned to the event or transaction. |
| Event time | The date the event occurred. |
| File name | The name and size of the attachment for this incident. |
| ID | The incident’s unique ID number. |
| Incident Tag | Displays any incident tag set for the incident. (See Tagging incidents, page 188.) |
| Incident Time | The time and date the incident was detected. |
| Max Matches | The maximum number of violations triggered by any given rule in the incident. |
| Severity | The severity of the incident: High, Medium, or Low. You define severity in the Severity & Action page of the Add rule wizard. For example: >0 matches = Low severity; >20 = Medium; >400 = High. You can also change an incident’s severity (see Changing incident severity, page 187). |
| Source | The source of the incident. Could be a person, computer, or other. |
| Status | The status of the incident. Possible statuses include: New, In process, Closed, Under investigation. See Changing incident status, page 186. |
| Total size | The total size of the file or attachment involved, if any, in megabytes. |
| Violation Triggers | The information that created the breach. |

Data Discovery report

| Column | Description |
|---|---|
| Analyzed by | Displays the name of the server component that analyzed the incident. |
| Assigned to | Either Unassigned or the name of the administrator assigned to handle this incident. (See Assigning incidents, page 185.) |
| Channel | The channel where the incident occurred. Possible channels include: Email, Web, FTP, Endpoint application, Endpoint printing, Network printing. |
| Details | The details listed in the forensics Properties tab. Shows the subject in an SMTP incident, the URL in a Web incident, etc. |
| Detected by | Displays the name of the Websense Data Security device or component that detected this incident. |
| Discovery task | The discovery task that identified the incident. |
| Discovery type | The type of resource that was scanned: File System, Endpoint, SharePoint, Database, and/or Exchange. |
| Endpoint type | The type of endpoint involved in the incident: PC, laptop, etc. |
| Event ID | The ID number assigned to the event or transaction. |
| Event time | The date the event occurred. |
| File extension | The file extension of the file that violated policy. For example: .docx or .pptx. |
| File full path | The full directory path of the file that violated policy. |
| File name | The name of the file that violated policy. |
| File owner | The owner of the file that contained the policy violation. |
| File size | The size of the file that violated policy. |
| Folder | The folder of the file that violated policy. |
| Host name | The name of the host on which the violation was detected. |
| ID | The incident’s unique ID number. |
| Ignored incident | The incidents marked as ignored. |
| Incident Tag | Displays any incident tag set for the incident. (See Tagging incidents, page 188.) |
| Incident Time | The time and date the incident was detected. |
| IP address | The IP address of the host on which the violation was detected. |
| Locked | Indicates whether the incident is locked or available for updates. |
| Max Matches | The maximum number of violations triggered by any given rule in the |
