Nov 17 2016
07:29 AM
- last edited on
May 24 2021
01:58 PM
by
TechCommunityAP
Nov 17 2016
07:29 AM
- last edited on
May 24 2021
01:58 PM
by
TechCommunityAP
Is there a limit for the amount incident reports and notification emails generated?
Nov 17 2016 09:10 AM
Nov 17 2016 07:49 PM
It might help if you give us some more detail on the question. What Juan said is true afaik, there are no limits. If you do want to limit the number of emails generated, you can configure alert limits via the Advanced Security Management feature
Nov 18 2016 08:30 AM
Thank you @jcgonzalezmartin.
We tested DLP on a really small scale initially looking for any US financial or HIPPA related data without setting confidence levels. Email, policy tips turned on, and configured the incident report. Applied this policy to a single SharePoint site and OneDrive account. It flagged nearly every document we expected and sent the incident reports without issue and as well as the notification to the site owner.
For the bigger scale we split out the policy to have one for SharePoint and one for OneDrive for Business. Both policies having one singular rule looking for any US financial or HIPPA related data without setting condfidence levels. Of course this brought back thousands of possible policy violating documents. Unfortunately, the amount of incident reports sent were about 23, at most. I checked message trace to see if it was possible these messages were going in to Junk or Clutter but that was not the case. The reports claim the action to generate incident reports have happened so it seems they just aren't being sent out.
I thought perhaps there was a limitation on reports being sent so I have broken policies down even further having a financial policy having 2 rules(low, high) for each SharePoint and OneDrive and applied confidence levels to each. Still the amount of incident reports generated was high and incident reports sent out little to none.