ANALYZE DATA
      Back to home
      1. Safetica
      2. DASHBOARDS: Analyze potential incidents
      3. ANALYZE DATA

      Drilling into incident details in Safetica

      Learn how Safetica interlinks info from various product sections to facilitate incident investigation. See examples of how website, data, and app details help you investigate incidents, understand policy violations, and take appropriate actions.

      In Safetica, details about data, apps, websites, and other events interlink info from various sections of the product and streamline the flow of incident investigation.

      In this article, you will learn:

      Details always show history from the last 7 days. If you need a longer time frame, you can click a button under the 7-day list to view all actions.

       

      What can you see in the details

      In details, you can find info such as applied data classifications, app or website categories, details about top users (listed by active time), what policy was violated and what action was taken by the policy, links to filter out all operations that were blocked by a policy, and many more.

       

      Example: How website detail empowers your investigations

      The website detail offers info about both blocked website visits and blocked data uploads to provide the context of all noteworthy security events related to a website.

      The admin is suspicious of Facebook activities. They want to investigate what data was uploaded to Facebook and what activities on Facebook were blocked by policies.

       

      Example: How data detail empowers your investigations

      The admin sees a suspicious file and wants to investigate it in detail – see problematic operations, users who worked with the file, and actions taken by policies to protect the file. Watch the video to see how it is done. 

       

      Example: How classification detail empowers your investigations

      The admin sees a file classified as Finance, Healthcare, and Personal and wants to find out why it is considered sensitive and why it was classified with three classifications. They can hover individual classifications to see more info:

      They can also click the file to open its detail and go to the Classification tab. Here they will see:

      • Specific data classifications matched in the file.
      • Deleted classifications: Classifications that are no longer used in Safetica but were used when the file was classified are labeled gray with the word (deleted).
      • Which classification rules were hit (i.e. why the file was matched with the Finance classification).
      • What types of classification elements were found (e.g. which keywords, predefined algorithms, etc.). For regexes and predefined algorithms, we only show the templates, not specific instances (e.g. specific credit card numbers are not shown).
      • The number of found unique occurrences of each piece of sensitive information.
      For archives (such as .zip or .rar), Safetica shows the list of archived files that have a classification; files without classification are not shown.

       

       

      Example: How app detail empowers your investigations

      The admin looks through application categories and notices an issue – there is Notepad in the Text editor category, even though Notepad is forbidden in the company. They decide to check who used the app and what operations were blocked by policies. Watch the video to see how they investigate.

       

       

      Read next:

      How record filtering works

      How to create a virtual report