ALERT: Some images may not load properly within the Knowledge Base Article. If you see a broken image, please right-click and select 'Open image in a new tab'. We apologize for this inconvenience.
Severity not set correctly for Cloud Email Service incidents
Article ID: 170477
Updated On:
Products
Data Loss Prevention Cloud Service for Email
Data Loss Prevention Cloud Package
Issue/Introduction
Incidents are marked as HIGH severity when policy uses an AND condition in the policy, changing expected severity from INFO, LOW, or MEDIUM
Steps to reproduce:
- Create a policy with at least one compound rule condition (keyword AND DI; EDM AND keyword; etc.)
- Set default severity to 'medium'.
- Add severity condition to set severity to 'High' when match count is greater than or equals '10'
- Add a response rule which executes only if the severity is 'High'.
Note that the issue can prevent many Response Rules from being applied correctly.
Cause
Cause of the issue is that the compound condition causes the settings for severities to drop out from the incident summary, defaulting to the HIGH severity.
Environment
DLP Cloud Service
Resolution
Upgrade to 15.1 MP1 or higher.
Feedback
Yes
No
Powered by
