What Are Netskope Incidents?

The DLP page contains information regarding DLP incidents in your environment.

The DLP page provides this information about each DLP incident:

• Object: Shows the file or object that triggered the violation. Clicking the object opens a page with more details where you can change status, assign incidents, change severity, and take actions.
• Application: Shows the application that triggered the violation.
• Exposure: Shows files that are categorized by exposure, such as Public - Indexed, Public - Unlisted, Public, Private, Externally Shared, Internally Shared, and Enterprise Shared.
• Violation: Shows the number of violations within the file.
• Last Action: Shows the action that was most recently taken.
• Status: Shows the state of the event. There are three status categories: New, In Progress, and Resolved.
• Assignee: Shows who is tasked with monitoring the event.
• Severity: Shows the level of severity. There are four levels: Low, Medium, High, and Critical.
• Timestamp: Shows the date and time of the violation.

The Anomalies page provides information about the various types of detected anomalies.

There are three Anomalies page categories. For more information, click the appropriate category.

The Compromised Credentials dashboard informs you about known compromised credentials for the accounts that are used by your employees.

The Compromised Credentials dashboard includes:

• Total number of users with compromised credentials.
• Identified and detected users.
• Media references of data breaches in both table and graph format.
• A compromised user's email address.
• Data source status.
• The source of info.
• The date credentials were compromised.

To remove one or more of the compromised credentials, enable the checkbox next to an item and click either Acknowledge or Acknowledge All.

The Malware page provides information about malware that is found in the environment.

The Malware page includes:

• Malware: The number of malware attacks detected by the scan.
• Users Affected: The number of users that have files that are affected by a specific malware attack.
• Files Affected: The number of files quarantined or that triggered an alert.
• Malware Name: The name of the malware detected.
• Malware Type: The type of malware detected.
• Severity: The severity that is assigned to the malware.
• Last Action Date: The date the first file was detected by the scan and an action was taken based on the quarantine profile selected.

Click an item on the page to see more comprehensive details or to quarantine, restore, or mark the file as safe.

The Malicious Sites page allows you to see what potentially malicious sites endpoints are going to.

The information that is shown on this page includes:

• Sites Allowed: Sites that your users visited and were not blocked.
• Total Malicious Sites: The total number of malicious sites that have been visited.
• Users Allowed: The number of users who are not blocked from visiting a malicious site.
• Site: The malicious site's IP address or URL.
• Severity: The severity rating for the malicious site.
• Category: The type of malicious site detected.
• Site Destination: The location from where the malware was downloaded.

The Quarantine page shows a list of quarantined files.

The Quarantine page has the below information about the quarantined file:

• Date: The date the file was quarantined.
• File Name: The file name of the file at the time of quarantine.
• Original File Name: The original name of the quarantined file.
• Policy Name: The enforced policy name causing the file to be quarantined.
• Violation: The policy violation causing the file to be quarantined.
• File Owner: The owner of the quarantined file.
• Detection Method: The method used to detect the violation.

You can take actions on each of the quarantined files. Select the checkbox beside a quarantined file, and on the bottom-right, click:

• Contact Owners: You can contact the owner of the quarantined file.
• Download Files: You can download the tombstone file.
• Take Action: You can either restore or block the tombstone file.

The Legal Hold page contains a list of files that are placed in legal hold.

The Legal Hold page has the below information about the file that is placed in legal hold:

• Date: The date the file was put in legal hold.
• File Name: The name of the file at the time it was put in legal hold.
• Original File Name: The original name of the file put in legal hold.
• Policy Name: The enforced policy name causing the file to be put in legal hold.
• Violation: The policy violation causing the file to be put in legal hold.
• File Owner: The owner of the file in legal hold.
• Detection Method: The method used to detect the violation.

You can take actions on each of the legal hold files. Select the checkbox beside a legal hold file, and on the bottom-right, click either:

• Contact Owners: This contacts the owner of the file.
• Download Files: This downloads the file.