Forum Discussion
Solved
Overrides and false positives in DLP policy end user experience
Ok so a user gets a policy applied to his/her document for let's say PCI compliance. On the policy tip we give the user the option to override with a business justification or to report as a false p...
- No I'm not able to; I don't think you can.
If someone does put down it's a false positive and it's not, I usually go and speak to the individual or email them. There's no way that I know of to reclassify it.
I also have alerts turned on to me when people do it so when I get the email, it shows the override reason and false positive answers. If anyone puts anything that we don't agree with as being an acceptable answer, then we raise this with them/their line manager.
I think that's the conclusion I'm coming to.
There is no way to actually do what I'm expecting - which I think would make total sense to be able to interact and deal with these incidents rather than having to go find a user and have a chat with them.
I have it set up to alert me and it sounds like that's the best I can hope for.
That's all I needed - no one was able to tell me if I was missing anything or not but you've got the same experience so sounds like it is what it is.
Thanks so much for your help!
Sorry it wasn't the answer you were looking for. I agree, it's not the best system and would be great to reclassify the false positives. I have it set-up for NI numbers so would be great to reclassify dummy NI numbers so they get excluded, as that's where most of my false positives come from.
Glad I could help (a bit).
Glad I could help (a bit).