Data Loss Prevention Events Log
The Data Loss Prevention Events Log displays all events triggered by data loss prevention rules for computers or servers.
An endpoint computer can send a maximum of 50 data control events per hour to Sophos Central. All events are logged locally on the endpoint computer.
Go to Reports > Endpoint & Server Protection Logs > Data Loss Prevention.
You can find the following features and information on the Data Loss Prevention log:
Search: If you want to view events for a certain user, device or rule name, enter the name of the user, device, or rule in the search box.
Choose period: Use the box to select the time period for which you want to view events. If you select Custom, use the From and To fields to select the dates between which you want to view events. You can view events that occurred in the past 90 days or less.
Filter by rule name: You can filter the events by rule name.
Filter by file type: You can filter the events by file type.
Update: Click this to display any new events reported since the page was last opened or refreshed.
The event table provides these event details:
- Date and time: Time and date when the event occurred
- User: Source that caused the event, for example, the name of a user or system
- Device: Device that caused the event
- Rule name: Data loss prevention rule that caused the event
- Rule action: Data loss prevention action that caused the event
- File name: Name of the file that caused the event
- Destination type: Name of the destination that caused the event
Save as Custom Report lets you save the report settings in the Saved Reports table on the Logs & Reports page.
The Export menu (on the right of the table) lets you export the current view or the report for the past 90 days as a CSV (comma separated value) or PDF file. Exported reports are limited to 5,000 events each.