Network Prevent for Web does not generate incidents
Article ID: 160012
Updated On:
Products
Data Loss Prevention Network Prevent for Web
Issue/Introduction
A keyword policy with a compound detection rule, Keyword+Protocol Monitoring for HTTP/HTTPS, does not generate incidents.
Resolution
Ensure that the policy is set to Active.
Confirm the policy group name, and ensure the Keyword+Protocol policy is assigned to the correct policy group.
Check if the Detection Server has been assigned to the policy group required to load the Keyword+Protocol policy.
Review the Detection Server events for "1200 Loaded policy" or "1201 Loaded policies {0.EN_US}" to confirm that the policy has been loaded.
Enable Detection Operational Trace logging (System > Servers > Logs > Configuration tab).
Refer to Configuring Server Logging Behavior (broadcom.com) for additional information.
Submit the test data to an external web site where traffic will be intercepted by a web proxy with Network Prevent for Web attached.
Review 'detection operational trace' logs and ensure that the Detection Server is accurately detecting the sensitive data and triggering incident creation.