LET'S EXPLORE POLICY VIOLATIONS
This overview will walk you through the various functionality found on the policy violations tab.
New! Archiving (See bottom of article)
HIGH-LEVEL INFO:
At the top of the page you will find high level information about the risks in your environment.
Total Violations: In this section you will see the total number of policy violations at the top. You can also access all of your currently configured policies directly by clicking on "View / Edit Policies".
Entities Violated: This section displays a breakdown of the policy violations, showing the number of violations that occurred on Content, App, or User policies. If you'd like to filter the page to see only one type, you can click the blue number next to the name of the policy type.
Content Entities Violated: This section displays a breakdown of the content policy violations, showing the number of violations that occurred within Emails, Drive, and Team Drive cloud locations. If you'd like to filter the page to see only the content policy violations within one cloud location, you can click the blue number next to the name of the cloud location.
Remediations: This section displays a breakdown of the remediation states on all policy violations, showing the number of policy violations that are Executed (remediation is set and has been executed), No Action (no remediation action has been set), and Pending (remediation is set but has not taken place because its delay has not yet been reached). If you'd like to filter the page to see only policy violations that have a specific remediation state, you can click the blue number next to the name of the desired remediation state.
(Note: the clock symbol in the top right indicates that all statistics in this box (Total Violations, Entities Violated, Content Entities Violated, and Remediations) are time independent, meaning any filters that restrict the time frame do not affect the counts displayed.)
Last 24 Hours: This box displays the total number of policy violations and remediation actions taken in the last 24 hours. If you'd like to filter the page to show only policy violations or only remediation actions taken in the last 24 hours, click on the blue number above either of the names.
RESULTS BOX:
Below the high-level overview you will find the results box. Here, all policy violations within your environment will be displayed. The results box has five columns with relevant information about each violation.
Entity Name: The name of the file, user, or app that has violated a policy. To view the relevant details of the entity, and what about it triggered the policy violation, click the blue drop down arrow next to the entity name. To jump to the applicable tab and filter to see the entity, simply click on its name.
Policy Violated: The number of policies that this entity has violated. To view all policies this entity violated, along with relevant information about the policy for each, click the blue drop down arrow next to the number.
Policy Violation Time: The time that the entity was found to have violated a policy.
Priority Remediation Action: The remediation action that is configured to be taken on the entity.
Remediation State: The state (No Action, Executed, Pending, Stopped Via Actions, or Failed) of the configured remediation action for the policy that's been violated.
Actions: After selecting a checkbox to the left of the Entity Name, you are able to take the following actions if there is a pending remediation action scheduled to occur in the future.
- Remediate: This will bypass the schedule for remediation to take place in the future and execute whatever action is configured in the policy to take place immediately for only this entity.
- Stop Remediation: This will cancel the scheduled remediation action for only this entity.
Above the results box is a search box. You can use this box to search for specific policy violations, based on either Policy Name, Entity Name, or User. Selecting the Down Arrow will allow you to fine tune your search.
Policy Name: Search for policy violations by the name of a specific policy that was violated.
Entity Name: Search for a specific entity that has violated one or more policies.
User: Search for a certain user who has violated a policy.
FILTERING:
Filtering allows you to narrow down the policy violations that you'd like to be shown. Simply select the Filter button on the right side of the screen to apply filters. Filters can be stacked to create very specific content.
Start by selecting a parameter from the drop down:
- Policy Type: Filter by the type of policy that was violated. Content, User, or App.
- Content Type: Filter for content policy violations by the location of the entity. Drive, Team Drive, or Emails.
- Remediation: Filter by the state of the configured remediation action. Executed, Pending, No Action, Failed, or Stopped Via Actions.
- Policy Count: Filter by the number of policies each entity has violated. 1 Policy, 2 Policy, or 2+ Policy.
- Policy Violation Time: Filter by the date range that the policy violation was detected. Start Date, End Date.
- Archived Violations: Violations that have been archived.
REPORTING:
To report on filtered summary data you can use the "Download CSV Report" option. This can be found in the top right of the screen.
ARCHIVING:
You can archive historical policy violations to help keep your policy violations organized after you've addressed the issue.
Note: Archived policy violations will be deleted from the console after 90 days.
- To Archive a Violation, click the checkbox next to the violation name, and then select the Archive Violations button at the top of the table.
- To un-archive a violation, put a Filter in place for archived violations, select the checkbox, and click the Unarchive Violations button.