A policy created has been renamed and also was moved to a different Policy Group. Issue is when running reports. When reporting by filtering on the Policy name all the incidents show. When filtering on the Policy Group and summarizing by Policy then maybe 1/3 of the incidents show.
This is by designed. In our Oracle schema, for each incident we retain the policyID, policyVersion and policyGroupID that led to the creation of this incident.
This way we can tie any incident to the particular version of the policy that triggered it, regardless of how many changes the policy went through after that (and as you know you could always change the structure of that policy to something drastically different if you want to). And we can also remember which policy group was involved at that time, regardless of the policy group associated to the current form/version of the policy.
DLP Release : 15.7 MP2
Examples of the search being performed - returned Total Number of results differently after the changes to the Policy.
1. Search Query: Filtered by Policy Group
Filter by Policy Group: Is Any of “Policy Group1”
Summarized by Policy: “PolicyName
Total Results: 805,678
2. Search Query: Filtered by Policy by Month
Filter by Policy: is Any of “PolicyName”
Total Results: 3,514,919
You can go into the Incident Access and revert the access to the PolicyName
Only show incidents meeting the following criteria:
Policy Group Is None Of <Revert the policies here> so they can see the full report