Using the DLP Dashboard

This article discusses how to use the DLP Dashboard to get a quick overview of data-related violations and events in your network. You can then drill down, analyze the threat types, and open the relevant events.

Overview of DLP Dashboard

The DLP Dashboard lets you view the data- and content-related activity in your network based on the data control policies. The screen contains several widgets that provide visibility for the different data violation criteria. The screen also lets you filter according to a specific time frame to drill down and focus on the relevant data violations and events in your account.

Getting Started with the DLP Dashboard

The DLP Dashboard screen shows the total number of data violations over the time range.

Selecting the Time Range

The default time range for the data violations is the previous two days. You can select a different time range for the DLP Dashboard to show a longer or shorter time period. For more information, see Setting the Time Range Filter.

The maximum date range for the DLP Dashboard is 90 days.

Configuring Filters to Analyze DLP Data

There are two ways to filter the data in the DLP Dashboard and show the items that are most relevant: automatically update the filter with the selected item, or manually configure the filter.

Automatically Filtering for an Item

As you hover over an item or field where a filter option is available, the filter button appears. Click the button to show the filter options:

  • Add to Filter - Adds the item to the filter, and the DLP Dashboard now only shows data that includes this item. For example, if you filter for a specific host, the screen only shows data that is related to that host. No other DLP data is available until you change or clear the filter.

  • Exclude from Filter - Updates the filter to exclude this item, and the DLP Dashboard now only shows data that does NOT include this item.

  • View Events - Adds this item to the filter, and the Events screen opens and shows all the events that match the filter.

You can continue to add items to the filter: click the filter button again to update the filter and drill down further.

Manually Configuring the Filter

You can manually configure the filter for greater granularity to analyze the data control violations. After you configure the filter, it is added to the filter bar and the screen is automatically updated to show the DLP data that matches the new filter.

To manually configure a filter:

  1. In the filter bar, click the Add icon.

  2. Start typing or select the Field.

  3. Select the Operator, which determines the relationship between the Field and the Value you are searching for.

  4. Select the Value.

  5. Click Add Filter. The filter is added to the filter bar and the DLP Dashboard is updated to show results based on the filters.

Clearing the Filter

You can remove each item in the filter separately, or clear the entire filter.

DLP_Clear_Filter.png

To clear the filters for the DLP Dashboard:

  1. To clear a single filter, click the remove icon next to the filter (item 1 above).

  2. To clear all the filters, click X at the right end of the filter bar (item 2 above).

Working with DLP Dashboard Widgets

The DLP Dashboard widgets give you a high-level overview of data control violations in your network.

Understanding the DLP Widgets

The DLP widgets provide information about the data violations detected by the DLP engines. These are the DLP widgets:

  • Top Violating Rules - Shows the top data control rules in the Application Control screen according to the rule name and the number of events for each one.

  • Events Violations Over Time - Shows the number of data violations over the time frame. You can filter the widget by:

    • Rule name - select the data control rule that is shown in the widget.

    • Application - select the applications that are shown in the widget (only shows applications that were actually used during the time frame).

    Use the mouse to select a smaller time range for the threat data; the screen is automatically updated.

  • Events by Actions - Shows the percentage of events based on the rule actions.

    Hover over the widget to show the absolute number of events.

  • Events by Severity - Shows the number of events based on the severity for the Data Control rules.

  • Event Violations by Sites - Map of the top physical site locations with the number of events per site.

  • Top Hosts - Shows a list of the top hosts (source IP address) with the number of DLP violation events for each host.

  • Top Violations by Data Profile - Shows a list of top DLP Content Profiles with the number of DLP violation events for each profile.

  • Top Violations by File Properties - Shows a list of top Content Types for Data Control rules with the number of DLP violation events.
