Supported editions for this feature: Frontline Standard; Enterprise Standard and Enterprise Plus; Education Standard and Education Plus; Enterprise Essentials Plus. Compare your edition
As an administrator, you can use data loss prevention (DLP) to control what sensitive information users can share. A DLP incident occurs when a DLP rule is broken. For example, a document that contains a personal identification number gets shared externally.
You can use the DLP incidents report to see the number of DLP incidents in a specified date range. The report breaks incidents into 3 levels of severity—high, medium, and low.
View the DLP incidents report
-
Sign in to your Google Admin console.
Sign in using your administrator account (does not end in @gmail.com).
-
In the Admin console, go to Menu SecuritySecurity centerDashboard.
-
In the lower-right corner of the DLP incidents panel, click View Report.
-
(Optional) To download a spreadsheet fo the data to My Drive, click Export Sheet.
Note: You can hide lines in the graph by clicking the legend. For example, click Low Severity to hide this line in the graph. Hiding lines is useful if one line overlaps another.
Customize your report
At the top of the report, use the date range filter to customize data in the report. Customize the report to view data from today, yesterday, this week, last week, this month, last month, or days ago (up to 180 days). Or, you can enter a start date and end date. Click Apply after you set the date range.
View DLP incidents
Under the DLP incidents chart, you see a table that lists the daily DLP incident count for each level of severity by data source (for example, Google Drive).
The table lists these details:
- Date the incident occurred
- Data source
- Number of high, medium, and low-severity incidents
Tip: To narrow down the incidents in the table, use the filters above the list.
View DLP actions
You can see a table of the actions that were triggered as a result of DLP incidents. To see the table, under the DLP incidents graph, click Actions.
The table lists these details:
- Action that was triggered
- Data source
- Number of high, medium, and low-severity incidents that triggered the action
By default, the table displays data for the time range specified at the top of the page. To view the top incidents for just one date, click the date in the DLP incidents graph.
Tip: To narrow down the actions in the table, use the filters above the list.