Endpoint incident with incorrect Severity level

Article ID: 160425

Products

Data Loss Prevention Enforce

Issue/Introduction

Detection known issue

Resolution

A policy that specifies a different Severity level based upon the number of incident matches may generate an Endpoint incident with an incorrect Severity level.

For example, a policy is created with the following Severity settings:
Default Severity = Info.
Severity = High, if (# of matches) >= 20.
Severity = Medium, if 10 < (# of matches) < 20.
Severity = Low, if (# of matches) <= 10.

The resulting incidents do not contain Severity levels that match the Severity settings.
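
One way to find affected incidents is to recompute the expected Severity from each incident's match count and compare it with the recorded value. The following is an added example, not code from the product or the vendor; the CSV column names and the sample rows are constructed assumptions, and the rules are the ones from the example policy above.

```python
import csv
import io

# Severity rules from the example policy above: (severity, predicate on match count).
RULES = [
    ("High", lambda n: n >= 20),
    ("Medium", lambda n: 10 < n < 20),
    ("Low", lambda n: n <= 10),
]
DEFAULT_SEVERITY = "Info"

def expected_severity(match_count):
    """Return the severity the policy rules assign to a match count."""
    hits = [sev for sev, rule in RULES if rule(match_count)]
    if len(hits) > 1:
        # Rule precedence is not stated on the page, so overlapping rules are refused.
        raise ValueError(f"rules overlap for {match_count}: {hits}")
    return hits[0] if hits else DEFAULT_SEVERITY

def audit_incidents(csv_text):
    """Return (id, type, match_count, recorded, expected) for each suspect incident."""
    findings = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        recorded = row["severity"].strip()
        try:
            count = int(row["match_count"])
        except ValueError:
            # Unparseable match count: report it, with no expected severity.
            findings.append((row["incident_id"], row["type"], row["match_count"], recorded, None))
            continue
        expected = expected_severity(count)
        if recorded.lower() != expected.lower():
            findings.append((row["incident_id"], row["type"], count, recorded, expected))
    return findings

# Constructed sample export; the column names are assumptions, not a product format.
SAMPLE_EXPORT = """incident_id,type,match_count,severity
1001,Endpoint,25,High
1002,Endpoint,25,Info
1003,Endpoint,15,Low
1004,Network,10,Low
1005,Endpoint,20,Medium
1006,Endpoint,n/a,High
"""

if __name__ == "__main__":
    for finding in audit_incidents(SAMPLE_EXPORT):
        print(finding)
```

Incidents flagged this way need manual Severity review, since triage queues and reports that filter on Severity will under- or over-prioritize them.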