When using the IT Analytics (ITA) cube browser, if a view is created in the cubes DLP Discover Incident Details or DLP Discover Incident Summary using the Message Date dimension either as a filter or in rows or columns, the incident count returned does not match the incident count in the Symantec DLP Enforce console. Cube views that use the DLP Detection Date dimension do return correct incident counts, however.

Release : 2.9.1

Component : Symantec DLP Content Pack

The Message Date dimension identifies the date a message is received by a detection server or endpoint client, and this behavior is specific to Data In Motion (DIM) incidents. Symantec DLP Discover scans generate Data At Rest (DAR) incidents, which are not generated by the movement of data to or from detection servers or endpoint clients.

When creating views of the DLP Discover Incident Details or DLP Discover Incident Summary cubes in the ITA cube browser, use the DLP Detection Date and DLP Detection Time dimensions to filter or organize incident counts by date and time.