May 18 2020 11:35 PM
Below is the matched DLP details:
Title: DLP Test
Document owner:
Person who last modified document:
Person sharing item: AlI Vex AllV@externaldomain.com
To: user@internaldomain.com
Cc: admin@internaldomain.com
Bcc:
Severity: High
False positive: No
Override: No
Condition matched: External recipients
Condition matched: Contains sensitive information
.
.
.
..
.
Detected: External recipients, user@unknowndomain.com
Issue
the detected external domain is not listed in either the to,cc,of bcc lines.
question
Is there a way to investigate what policy is adding an external recipient if there is any?
Could the external recipient be added and hidden by the sender? Is there a way to verify this?
Can a matched DLP policy mail flow be traced to view all policies\rules that the email matched during its transportation?
Any suggestion or thought is welcome.
FYI - Message tracing does not provide the details needed.
thanks