Stop data loss with DLP for Drive

View DLP for Drive dashboard incidents, alerts, and audit events

Use the Security Dashboard, alerts, and the Rules audit log for DLP for Drive

Supported editions for this feature: Enterprise; Education Fundamentals, Standard, Teaching and Learning Upgrade, and PlusCompare your edition

Data loss prevention (DLP) for Drive detects incidents through scans, and incidents trigger actions and alerts.

The reports described in this article apply to DLP for Drive only. 

DLP Security Dashboard incidents

View DLP logged incidents detected during DLP scans in Securityand thenDashboard. From the Security Dashboard, you can see these incident dashboards (with incidents logged over time):

  • DLP Incidents
  • Top Policy Incidents

You can triage daily incidents and examine trends to discover the success of implemented DLP policies. Details on single or aggregated incidents are available to help you respond quickly to events, and helps you measure policy success over time. Go to About the security dashboard for details.

DLP alerts

If you configure alerts for rules, you receive a DLP alert in the alert center when a DLP rule is triggered. From the Admin console Home page, go to Menuand thenSecurityand thenAlert center. Go to View alert details for more information.

Under the alert Key details, the system records only recipients that were matched before a DLP rule flags the content. Re-sharing a document after it is flagged by DLP does not automatically update the recipient information on the alert.

Note that there is a time lag between when an alert is created in the Alert center and when the corresponding incident or log event is shown in the DLP Security Dashboard and the investigation tool.

Each rule can generate up to 50 alerts per rule per day. You receive alerts until this threshold is met. All incidents for each rule are recorded and shown in the investigation tool and the Rules audit log. Click the Investigate Alert link in the Alert Details page in the Alert Center to access the investigation tool page showing incidents that occurred for a particular rule within a two-day window.

DLP audit events

The Rules audit log shows a record of DLP incidents recorded in your Google Admin console. For example, you can see when a user has tried to share sensitive data such as a driver’s license number. Go to Rules audit log for details. Audit events are also shown in the investigation tool, where DLP individual incidents are shown under Rule log events. Both the Rules audit log and the investigation tool will surface the audit logs for triggered DLP rules.

Related Information

Thông tin này có hữu ích không?
Chúng tôi có thể cải thiện trang này bằng cách nào?

Bạn cần trợ giúp thêm?

Đăng nhập để xem thêm tùy chọn hỗ trợ giúp nhanh chóng giải quyết sự cố