Incident details – Review
Show all | Hide all
No
The No field displays the serial number of an incident. The number is assigned to an incident when one is created, and it is unique.
On the Browse tab, you can view detailed information about an incident, change the incident status, and send users notifications of violations of the corporate security requirements.
The Status field shows the current incident status. You can change the incident status by clicking the Change button.
User
The User field contains the account name of the employee associated with an incident (displayed as a link). Clicking this link opens an email window so that you can send a message to that employee.
After failing to determine the user's Active Directory account, the application displays the user's SharePoint account in this field. If the application failed to determine the user's SharePoint account, the application displays the Error receiving name notification in this field.
File
The File field displays the name of the file associated with an incident. Clicking the Actions button on the right of the file name opens a section in which you can select the action to be taken on the detected file:
- Save as. The application saves the file to the specified location.
- Open from SharePoint website. The application opens the page of a SharePoint website with the detected file.
- Add to exclusions. The application adds the web address of the file to the list of exclusions.
If the incident has been created due to a policy violation, the web address will be added to the policy's exclusions. The application will not control the uploading of files by users to that web address.
If the incident has been created when running the search task, the web address will be added to the search task's exclusions. The application will not scan files located on that web address.
- Copy data to clipboard. When you click this button, the application copies the incident details and processing history to the clipboard. The order and set of details being copied are the same as those displayed in the Incident details window. To continue handling the incident, you can paste the data from the clipboard to a text editor (such as Notepad or Microsoft Word).
You cannot add the web address to the exclusions of search tasks for incidents that have been created during the operation of Kaspersky Security 9.0.
The Manager field displays the account of the employee's manager that is present in Active Directory.
The Address field displays the web address of the file that has caused the policy violation while being transferred to SharePoint.
The Category field displays the name of the data category detected by the application in the file being transferred.
The Priority field displays the incident severity rate specified in the policy settings.
The Action field displays the action that has been applied by the application to the file.
The Created field displays the date and time of the incident creation. The internal SharePoint server time is used.
The Policy field displays the name of the violated policy.
The Violations field displays the number of text fragments that contain data matching the category.
The Violation context field displays all text fragments that contain data matching the category. Keywords or table data in each fragment are highlighted in red.
Page top