Forum Discussion
Incorrect alert information for DLP incidents being displayed
We have an *AND* statement within our DLP rules across the organization policy set where only one of the two conditions within the "AND" is firing and we're getting alerts that are not showing all th...
Paul_Doucettedid you get any update on this issue? According to Microsoft support they have fixed the issue in all tenants as of October, but I haven't been able to confirm the fix though.
To reproduce it, I set up two simplified rules designed to trigger when an email includes both Source code (trainable classifier) and Credit Card Numbers (SIT).
When sending an email containing these elements, both rules are indeed triggered. However, despite being a necessary condition for firing, Rule TEST_R10a, which uses an AND condition between condition groups, fails to return the trainable classifier in the Activity Eplorer (and API), confirming your point of incomplete data in the explorer.
So, we are still working with support to get it resolved.