Endpoint incident with incorrect Severity level

Article Id: 160425

Status: Published

Updated On: 21-03-2014 17:00

Legacy Id: TECH221180

Products:

Data Loss Prevention Enforce

Issue/Introduction:

Detection known issue

Resolution:

A policy that specifies a different Severity level based upon the number of incident matches may generate an Endpoint incident with an incorrect Severity level.

For example, a policy is created with the following Severity settings:
Default Severity = Info.
Severity = High, if (# of matches) > = 20.
Severity = Medium, if 10 < (# of matches) <20.
Severity = Low, if (# of matches) < = 10.

The resulting incidents do not contain Severity levels that match the Severity settings.