The Audit Log table (protect.auditlog) records the changes that were made in the Enforce console.
How to query the Audit Log table:
- Go to the Enforce Server.
- Review this file to find the database server connection details: Jdbc.properties
Example location: "<install drive>:\Program Files\Symantec\DataLossPrevention\EnforceServer\<version>\Protect\config\Jdbc.properties"
- Connect to the database server using sqlplus or sqldeveloper.
The Audit Log table is called protect.auditlog.
- To query a date range, update the following example with the days to match on.
select username,action,detail from protect.AUDITLOG where time like '21/04/24%'; -- The date format is day/month/year (last two digits of the year)
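The LIKE match above depends on the session's date display format. As an added example (not part of the original article), the following queries use explicit date bounds instead and then summarize changes per user. They assume that the time column is an Oracle DATE or TIMESTAMP type, and the date range is constructed for illustration.

```sql
-- Added example; assumes protect.auditlog.time is an Oracle DATE or TIMESTAMP column.
-- Constructed range: 21 April 2024 00:00:00 up to, but not including, 24 April 2024 00:00:00.

-- 1. List every audited change in the range, oldest first.
--    TO_DATE with an explicit format mask does not depend on NLS_DATE_FORMAT,
--    so the query returns the same rows in sqlplus and SQL Developer.
SELECT username,
       action,
       detail,
       TO_CHAR(time, 'YYYY-MM-DD HH24:MI:SS') AS changed_at
FROM   protect.auditlog
WHERE  time >= TO_DATE('2024-04-21', 'YYYY-MM-DD')
AND    time <  TO_DATE('2024-04-24', 'YYYY-MM-DD')
ORDER  BY time, username;

-- 2. Summarize the same range: how many changes each user made per action,
--    with the first and last time that user/action pair was seen.
SELECT username,
       action,
       COUNT(*)                                     AS changes,
       TO_CHAR(MIN(time), 'YYYY-MM-DD HH24:MI:SS')  AS first_seen,
       TO_CHAR(MAX(time), 'YYYY-MM-DD HH24:MI:SS')  AS last_seen
FROM   protect.auditlog
WHERE  time >= TO_DATE('2024-04-21', 'YYYY-MM-DD')
AND    time <  TO_DATE('2024-04-24', 'YYYY-MM-DD')
GROUP  BY username, action
ORDER  BY changes DESC, username;
```

The half-open range (>= start, < end) includes every change on the last full day without having to spell out 23:59:59.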
As of DLP 16.0.1 you can review the Audit Log in the Enforce console by navigating to System > Servers and Detectors > Audit Logs.
See this tech doc for more information:
Using Audit Logs