I have had DLP running in passive mode now for about a week and think I may have either found a bug or am missing something and it is a limitation for a reason.
While in message tracking, if I leave all fields blank, only change the time range to past week. Then I select advance, and check off DLP violations. In
the DLP violations if I choose a known DLP template, say Payment Card Industry Data Security Standard (PCI-DSS) and then click search I get no results,
when in fact the DLP incidents summary page shows me 6 in the same time range. Also, if I do not choose a policy to query and I only check the DLP violations check box, I do get results on ALL violations as expected. My build is 7.1.2-020. Can someone else on the same build test their box if running DLP?
Thanks,
Chris