Home - pharbeson/doc_test GitHub Wiki

CloudLock Incidents

A CloudLock incident is a record of an event in which a document triggers a CloudLock policy. Every incident has a severity of Critical, Alert, Warning, or Info, derived from the Severity setting of the policy that triggered the incident. Incidents contain the creation time and date, the document that triggered the policy, the identification of the policy itself, and the owner of the document in question. Incidents generated by information on other platforms secured by CloudLock contain different information. If you use CloudLock to secure other platforms as well, those incidents also appear in the Incidents List; all CloudLock incidents appear in the same list regardless of platform.

You can review and manage CloudLock incidents from the Incidents Panel, which is available in the CloudLock navigation panel:

Navigation panel

The Incidents Panel includes four information displays:

  • Trend Graph, an interactive graphic showing incident trends over time.
  • Policies with Most Incidents, which quantifies top incident totals by policy.
  • Users (Owners with Most Incidents), which quantifies top incident totals by user.
  • Incident List, an interactive list of all incidents.

Reviewing Trends

The Trend Graph displays incidents over time. You can select the time scale for the display in the upper-right corner. Hovering the pointer over the graph displays detailed information for each time interval. Note that this chart displays total incidents of all severities.

You can use the Trend Graph to monitor the ongoing mix of incident quantity and severity, and to recognize and investigate any spikes in activity that occur.

Checking Top Sources

The Policies with Most Incidents box displays the current count of incidents (all severity levels) for the top five policies generating the most incidents. This display can be useful in identifying the most problematic situations, as well as serving as a check on how well your top policies are fine-tuned. The Users (Owners with Most Incidents) box displays the top five users owning objects that resulted in the most policy violations. This display can be useful in identifying users who may need help adhering to best practices.

## Using the Incidents List

The Incidents List is the most useful portion of the Incidents Panel. The filters you use control which incidents are visible – the filters are dropdown menus immediately above the list. The filters enable you to configure the list to see only the incidents you need to address at any given time. You can also use the list as a starting point to analyze, respond to, and resolve individual incidents.

### Searching for an Incident

To search for a specific incident, enter the Incident ID in the search box located above the Bulk Actions dropdown menu.

### Filtering the Incidents List

To filter the Incidents List, use the filter bar located just above the incidents list. When you select a filter, only incidents matching that filter appear in the list.

You can select any number of filters. For example, you can choose to see all incidents that are New, represent user activity, and have Warning-level severity.

As you add filters the list updates interactively to display only the type of incidents you choose. You can export the filtered list (as a .csv file) for further analysis in a spreadsheet application.

### The Owner Filter

The Owner filter is particularly useful with Google Drive. It incorporates a free-form text field enabling you to, in effect, search for owners of documents and track their Google Drive activity according to other filters. For example, you could filter the Incidents List to show the documents by a single user that, over time, triggered Critical incidents. If such incidents cease after a certain point, it could indicate that remediation efforts succeeded.
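The owner check described above can also be run offline against the exported .csv file. The Python below is an added example, not part of the CloudLock documentation: the column names (`incident_id`, `created`, `severity`, `policy`, `owner`), the sample rows, and the 30-day quiet window are all assumptions to adapt to your own export.

```python
import csv
import io
from collections import defaultdict
from datetime import date, timedelta

# Constructed sample export. The column names are assumptions for this
# example; match them to the header row of your own exported .csv file.
SAMPLE_EXPORT = """incident_id,created,severity,policy,owner
1001,2015-03-02,Critical,PCI,alice@example.com
1002,2015-03-09,Critical,PCI,alice@example.com
1003,2015-03-10,Warning,PII,alice@example.com
1004,2015-03-20,Critical,PCI,bob@example.com
1005,2015-04-27,Critical,PCI,bob@example.com
1006,2015-04-28,Info,Sharing,alice@example.com
"""


def critical_by_owner(csv_text):
    """Map each owner to the sorted dates of their Critical incidents."""
    dates = defaultdict(list)
    for row in csv.DictReader(io.StringIO(csv_text)):
        if row["severity"].strip().lower() == "critical":
            owner = row["owner"].strip().lower()
            dates[owner].append(date.fromisoformat(row["created"].strip()))
    return {owner: sorted(found) for owner, found in dates.items()}


def quiet_owners(csv_text, as_of, quiet_days=30):
    """Owners with past Critical incidents but none in the last quiet_days.

    Returns {owner: (critical_count, last_critical_date)}. A hit suggests
    remediation may have worked; it does not prove it.
    """
    cutoff = as_of - timedelta(days=quiet_days)
    result = {}
    for owner, found in critical_by_owner(csv_text).items():
        if found[-1] < cutoff:
            result[owner] = (len(found), found[-1])
    return result


if __name__ == "__main__":
    report = quiet_owners(SAMPLE_EXPORT, as_of=date(2015, 5, 1))
    for owner, (count, last) in report.items():
        print(f"{owner}: {count} Critical incidents, none since {last}")
```

Owners who still appear in Warning or Info incidents after their last Critical one, like the constructed `alice@example.com` rows here, are still counted as quiet because only Critical severity is tracked.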

## Removing Filters

Each filter you add to the list is displayed below the filter bar. You can remove filters individually by simply closing each one. The list continues to update interactively as you manipulate the filters.