Forum Discussion
Afsar_Shariff
Jul 12, 2023Brass Contributor
contextual summary in DLP alerts
Hello All,
Please let me know is there any possibility of getting contextual summary apart from incident reports in DLP for exchange workload.
I am able to see the contextual summary in incident reports, However, would like to know is there any other option where we can see Contextual summary, including matched sensitive content and surrounding characters. DLP alerts does not have details.
Regards
Afsar
Hi, Afsar_Shariff
You can also get the contextual summary through Activity Explorer in the Microsoft Purview Admin Portal. To simplify your search in Activity Explorer, there are plenty of filter options available.
For instance, if I wanted to see more data about activity that matches DLP Rules, I can filter activity explorer to look only for DLP rule matches:
Then in my list, I notice an activity for Exchange that is listed as matching based on the message body:
Once I click on the activity, on the details page that appears, many details appear, including what matched the rule and what sensitive info types were involved. If I click on those sensitive info types, a detailed summary appears.
Now, when you perform your investigations, if you select the alert in the Purview portal and select the "View details" option, on the new page when you select "Events", you will see the option to select "Classifiers" which will give you an overview of the sensitive info types, a contextual summary, and trainable classifiers in the matching file/email.
Hope this helps!
- miller34mike
Microsoft
Hi, Afsar_Shariff
You can also get the contextual summary through Activity Explorer in the Microsoft Purview Admin Portal. To simplify your search in Activity Explorer, there are plenty of filter options available.
For instance, if I wanted to see more data about activity that matches DLP Rules, I can filter activity explorer to look only for DLP rule matches:
Then in my list, I notice an activity for Exchange that is listed as matching based on the message body:
Once I click on the activity, on the details page that appears, many details appear, including what matched the rule and what sensitive info types were involved. If I click on those sensitive info types, a detailed summary appears.
Now, when you perform your investigations, if you select the alert in the Purview portal and select the "View details" option, on the new page when you select "Events", you will see the option to select "Classifiers" which will give you an overview of the sensitive info types, a contextual summary, and trainable classifiers in the matching file/email.
Hope this helps!
- Afsar_ShariffBrass ContributorThank you