Incident match count is reported inaccurately in Data Loss Prevention Endpoint
Last Modified: 2023-05-26 06:04:20 Etc/GMT
Affected Products
Languages:
This article is available in the following languages:
Trellix CEO, Bryan Palma, explains the critical need for security that’s always learning.
As per Gartner, "XDR is an emerging technology that can offer improved threat prevention, detection and response."
Trellix announced the establishment of the Trellix Advanced Research Center to advance global threat intelligence.
Trellix Advanced Research Center analyzes threat data on ransomware, nation-states, sectors, vectors, LotL, MITRE ATT&CK techniques, and emails.
As of May 14, 2024, Knowledge Base (KB) articles will only be published and updated in our new Trellix Thrive Knowledge space.
Log in to the Thrive Portal using your OKTA credentials and start searching the new space. Legacy KB IDs are indexed and you will be able to find them easily just by typing the legacy KB ID.
Incident match count is reported inaccurately in Data Loss Prevention Endpoint
Technical Articles ID:
KB89970
Last Modified: 2023-05-26 06:04:20 Etc/GMT Environment
Data Loss Prevention Endpoint (DLP Endpoint) - all supported versions For supported environments, see KB68147 - Supported platforms for Data Loss Prevention Endpoint. ProblemWhen you select the Count each match string only one time option in a classification rule, the match count in each incident is inaccurately reported.
Example scenario:A classification rule is configured with criteria set to e-mail address, a threshold of 3, and the Count each match string only one time option enabled. A message arrives with the email addresses below:
Solution
This behavior is considered normal. The Count each match string only one time option means that DLP Endpoint counts instances of the same match only once toward the defined threshold.
Affected ProductsLanguages:This article is available in the following languages: |
|