Previous Topic: Attachment Scanning Action

Next Topic: Email Inspection Action

Confidential Loss Action

The Confidential Loss action contains event information on the scanning of Email for confidential information on two network entities as recorded by a given host.

Information

Level

Source - User Information

Primary

Source - Host Information

Primary

Source - Object Information

Tertiary

Source - Process Information

Tertiary

Source - Group Information

Tertiary

Dest - User Information

Primary

Dest - Host Information

Primary

Dest - Object Information

Primary

Dest - Group Information

Tertiary

Agent - Information

Primary

Agent - Host Information

Primary

Event Source - Host Information

Primary

Event Source - Information

Secondary

Event - Information

Primary

Result - Information

Primary

The important information for this action is which User (Sender) is attempting to send a mail with confidential information to which User (Recipient). The event information was expressed on which host and recorded by which agent on which host.

Result

event_result

event_severity

Success

S

2

Failure

F

3