Forum Discussion

Afsar_Shariff's avatar
Afsar_Shariff
Brass Contributor
Jul 12, 2023
Solved

contextual summary in DLP alerts

Hello All,   Please let me know is there any possibility of getting contextual summary apart from incident reports in DLP for exchange workload.   I am able to see the contextual summary in incid...
  • miller34mike's avatar
    miller34mike
    Jul 13, 2023

    Hi, Afsar_Shariff 

     

    You can also get the contextual summary through Activity Explorer in the Microsoft Purview Admin Portal. To simplify your search in Activity Explorer, there are plenty of filter options available.

     

    For instance, if I wanted to see more data about activity that matches DLP Rules, I can filter activity explorer to look only for DLP rule matches:

     

     

    Then in my list, I notice an activity for Exchange that is listed as matching based on the message body:

     

     

     

    Once I click on the activity, on the details page that appears, many details appear, including what matched the rule and what sensitive info types were involved. If I click on those sensitive info types, a detailed summary appears.

     

     

     

     

    Now, when you perform your investigations, if you select the alert in the Purview portal and select the "View details" option, on the new page when you select "Events", you will see the option to select "Classifiers" which will give you an overview of the sensitive info types, a contextual summary, and trainable classifiers in the matching file/email.

     

     

     

    Hope this helps!

     

     

miller34mike's avatar
miller34mike
Iron Contributor
Jul 13, 2023

Hi, Afsar_Shariff 

 

You can also get the contextual summary through Activity Explorer in the Microsoft Purview Admin Portal. To simplify your search in Activity Explorer, there are plenty of filter options available.

 

For instance, if I wanted to see more data about activity that matches DLP Rules, I can filter activity explorer to look only for DLP rule matches:

 

 

Then in my list, I notice an activity for Exchange that is listed as matching based on the message body:

 

 

 

Once I click on the activity, on the details page that appears, many details appear, including what matched the rule and what sensitive info types were involved. If I click on those sensitive info types, a detailed summary appears.

 

 

 

 

Now, when you perform your investigations, if you select the alert in the Purview portal and select the "View details" option, on the new page when you select "Events", you will see the option to select "Classifiers" which will give you an overview of the sensitive info types, a contextual summary, and trainable classifiers in the matching file/email.

 

 

 

Hope this helps!

 

 

Afsar_Shariff's avatar
Afsar_Shariff
Brass Contributor
Jul 14, 2023
Thank you

Resources