contextual summary in DLP alerts

Afsar_Shariff · ‎Jul 12 2023

Hello All,

Please let me know is there any possibility of getting contextual summary apart from incident reports in DLP for exchange workload.

I am able to see the contextual summary in incident reports, However, would like to know is there any other option where we can see Contextual summary, including matched sensitive content and surrounding characters. DLP alerts does not have details.

Regards

Afsar

Afsar_Shariff · ‎Jul 13 2023

Hi, @Afsar_Shariff

You can also get the contextual summary through Activity Explorer in the Microsoft Purview Admin Portal. To simplify your search in Activity Explorer, there are plenty of filter options available.

For instance, if I wanted to see more data about activity that matches DLP Rules, I can filter activity explorer to look only for DLP rule matches:

Then in my list, I notice an activity for Exchange that is listed as matching based on the message body:

Once I click on the activity, on the details page that appears, many details appear, including what matched the rule and what sensitive info types were involved. If I click on those sensitive info types, a detailed summary appears.

Now, when you perform your investigations, if you select the alert in the Purview portal and select the "View details" option, on the new page when you select "Events", you will see the option to select "Classifiers" which will give you an overview of the sensitive info types, a contextual summary, and trainable classifiers in the matching file/email.

Hope this helps!

Afsar_Shariff · ‎Jul 14 2023

Thank you

contextual summary in DLP alerts

contextual summary in DLP alerts

Re: contextual summary in DLP alerts

Re: contextual summary in DLP alerts

Products (51)

Special Topics (28)

Video Hub (447)

Most Active Hubs

Most Active Hubs

Video Hub

contextual summary in DLP alerts