Allow reporting and alerting on Ingress/Egress Direction in DLP Alerts
Currently the DLP capability of the client does not provide any information on whether a event is considered ingress or egress.
I would like to see reporting and alerting by user on files that have been transmitted out of the org, as this is where a breach may occur.
Daniel Murrieta commented
To provide more granularity, I think it'd be better to customize alerts according to @domain.com vs just ingress or egress. Mergers and dealings with third parties may require sharing of sensitive data, which we would want to specify in the DLP policy.
It could have an blacklist or a whitelist style, or it could categorize into "low concern" (ex. ingress) and "high concern" (ex. egress). Again, the more we can customize it, the less false positives we may end up seeing.