I have multiple DLP policies created in my tenant. One of the policies blocks all file sharing with external users. I only want to stop sharing files if the file contains sensitive data, such as SSN. I would like to find out which one of the policies matches that criteria so I can modify that policy accordingly. But how do I know which DLP policy matches? I have looked at the DLP report, but it is not a real-time report.


There's no "real time" data on this, and you shouldn't be needing such in order to determine which DLP rule acted on a given item. The Report details should give you this information, and you can also get details out of the Unified audit log entries.
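
One way to pull the policy and rule names out of Unified audit log entries, as an added example that is not part of the original answer. The function name `Get-DlpMatchSummary` and the sample record are constructed for illustration; the `AuditData` field names follow the DLP schema of the Office 365 Management Activity API and should be checked against a real record from your tenant.

```powershell
# Flatten DLP audit records into one row per matched policy/rule.
# Get-DlpMatchSummary is a hypothetical helper, not a built-in cmdlet.
function Get-DlpMatchSummary {
    param(
        # Any object with an AuditData JSON string, as Search-UnifiedAuditLog returns
        [Parameter(Mandatory, ValueFromPipeline)]
        [object]$Record
    )
    process {
        $data = $Record.AuditData | ConvertFrom-Json
        foreach ($policy in $data.PolicyDetails) {
            foreach ($rule in $policy.Rules) {
                [pscustomobject]@{
                    Time               = $data.CreationTime
                    User               = $data.UserId
                    File               = $data.SharePointMetaData.FilePathUrl
                    PolicyName         = $policy.PolicyName
                    RuleName           = $rule.RuleName
                    Actions            = $rule.Actions -join ', '
                    # Empty when the rule matched without a sensitive info type condition
                    SensitiveInfoTypes = $rule.ConditionsMatched.SensitiveInformation.SensitiveInformationTypeName -join ', '
                }
            }
        }
    }
}

# Constructed sample record (not real tenant data) so the function runs offline.
$sample = [pscustomobject]@{
    AuditData = @'
{ "CreationTime": "2024-01-01T10:00:00", "Operation": "DlpRuleMatch",
  "UserId": "user@contoso.example",
  "SharePointMetaData": { "FilePathUrl": "https://contoso.example/sites/hr/payroll.xlsx" },
  "PolicyDetails": [
    { "PolicyName": "Policy A (constructed)",
      "Rules": [ { "RuleName": "Block all external sharing", "Actions": ["BlockAccess"],
                   "ConditionsMatched": { } } ] },
    { "PolicyName": "Policy B (constructed)",
      "Rules": [ { "RuleName": "Block SSN sharing", "Actions": ["BlockAccess"],
                   "ConditionsMatched": { "SensitiveInformation": [
                     { "SensitiveInformationTypeName": "U.S. Social Security Number (SSN)", "Count": 3 } ] } } ] } ] }
'@
}
$sample | Get-DlpMatchSummary | Format-Table PolicyName, RuleName, Actions, SensitiveInfoTypes

# Against live data (requires an Exchange Online PowerShell session):
# Search-UnifiedAuditLog -StartDate (Get-Date).AddDays(-7) -EndDate (Get-Date) `
#     -RecordType ComplianceDLPSharePoint -Operations DlpRuleMatch -ResultSize 1000 |
#     Get-DlpMatchSummary
```

In the constructed sample, the row with an empty `SensitiveInfoTypes` column is the rule that blocked sharing regardless of file content, which is the kind of policy the question is trying to locate.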