Netskope Help

Select a Severity Threshold

Alerts triggered by the DLP rule depend on the severity of the violation. Set the number of occurrences that should match before a DLP violation is triggered, and then determine which level of severity should trigger an alert.

To set a severity threshold:

  1. On the Severity Threshold page, select either Record  or Aggregate Score.

    The Record option uses the count of violations to determine the severity of the violation. 

    The Aggregate Score option uses the sum of weights for each matched entity to determine the severity of the violation. The default score for most entities is 1. Although, custom dictionaries can be used to assign other values for specific keywords.

    For more information on dictionaries, see Use Dictionary Files.

  2. Count only unique record: When enabled, if there are multiple occurrences of a specific keyword in a DLP violation, then the violation is counted as one. Also, enabling this option will clear the preset severity threshold.

  3. Enter a number of occurrences for each severity level, or simply keep the defaults.

  4. Change or keep the severity level that triggers a policy action from the dropdown list. An alert will be sent when the severity level exceeds the number of specified occurrences.

  5. When finished, click Next.