Incidents are appearing with hundreds of protocol matches in the incident snapshot.
The cause appears to be multiple policies with identical Protocol or Endpoint Monitoring rules on them.
Find all policies with identical "Protocol or Endpoint Monitoring" rules and modify them so that they are no longer identical. You don't need to change the functionality of the rule, only how it is set up. For example, you can still monitor Email, HTTP, and HTTPS, but one policy could have all three within the same rule while the next policy has the same combination of protocols spread between two rules, and so on. Doing this has been shown to eliminate the repeated protocol highlighting issue within incident snapshots.
A fix will be provided with DLP 15.5 MP1.
Defect Etrack number.