Endpoint Protection

Suggest, discuss, and vote on new ideas for Sophos Endpoint Protection. Comprehensive security for users and data

Suggest an Idea...

Detailed visibility into DLP alerts

I would like to see what Sophos saw that caused it to trigger a DLP alert. It would be nice to have detailed visibility on what was detected. A SS#? A PAN? A Date of Birth? That way we have concrete evidence of what was detected so we may approach the end user with solid data rather than a general name of the policy.

5 votes
Sign in
(thinking…)
Sign in with: Facebook Google Sophos Features & Ideas Laboratory
Signed in as (Sign out)

We’ll send you updates on this idea

Anonymous shared this idea  ·   ·  Flag idea as inappropriate…  ·  Admin →

2 comments

Sign in
(thinking…)
Sign in with: Facebook Google Sophos Features & Ideas Laboratory
Signed in as (Sign out)
Submitting...
  • Anonymous commented  ·   ·  Flag as inappropriate

    Same issue here - reports a web temporary file that has gone by the time we investigate - useful to see the contents of a file ....

  • Michael commented  ·   ·  Flag as inappropriate

    FYI - this information is included in the SMTP Proxy log in the "extra" field.

    You can get these details by:
    * going to 'Logging & Reporting', 'View Log Files', 'Search Log Files'
    * select SMTP Proxy
    * Search for [reason="dlp"] (without the brackets)

    The log will contain info like this:

    ...reason="dlp" extra="CCLdateofbirth, CCLphi, CCLCombinationofpersonallyidentifiableinformationUSA, CCLCombinationofpersonallyidentifiableinformationUK"

    ...reason="dlp" extra="CCLSocialsecuritynumberswithqualifyingtermsUSA, CCLphi"

    ...reason="dlp" extra="CCLSocialsecuritynumberswithqualifyingtermsUSA, CCLphi, CCLNationalidentificationnumberswithqualifyingtermsGlobal"

Feedback and Knowledge Base

icon-data-protection icon-endpoint-protection icon-phish-threat icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-mobile icon-sophos-utm icon-sophos-utm icon-sophos-utm icon-web-appliance icon-xg-firewall icon-xg-firewall icon-avid-secure icon-lightbulbCreated with Sketch.