Low and Slow Data Theft (Drip DLP) Organizations often define how many incidents of confidential information can leave an organization per document or request, often it includes sending sensitive information out in pieces over time with patience and persistence.
Release : 15.8, 16.x
Component : Detection server, Endpoint agent.
A policy which generates the incident if email has two credit card details however, if user sends 500 separate emails with one credit card details in each email, such scenario requires controlling/detection mechanism.
Drip DLP feature is currently not supported. There is an open product enhancement request being reviewed for a future release.