eG Monitoring
 

Measures reported by EXODlpTest

To comply with business standards and industry regulations, organizations need to protect sensitive information and prevent its inadvertent disclosure. Examples of sensitive information that you might want to prevent from leaking outside your organization include financial data or personally identifiable information (PII) such as credit card numbers, social security numbers, or health records. With a data loss prevention (DLP) policy in the Office 365 Security & Compliance Center, you can identify, monitor, and automatically protect sensitive information across Office 365.

A DLP policy contains a few basic things:

  • Where to protect the content - locations such as Exchange Online, SharePoint Online, and OneDrive for Business sites.

  • When and how to protect the content by enforcing rules comprised of:

    • Conditions the content must match before the rule is enforced - for example, look only for content containing Social Security numbers that's been shared with people outside your organization.

    • Actions that you want the rule to take automatically when content matching the conditions is found - for example, block access to the document and send both the user and compliance officer an email notification.

You can use a rule to meet a specific protection requirement, and then use a DLP policy to group together common protection requirements, such as all of the rules needed to comply with a specific regulation.

Whenever a DLP rule applied to Exchange Online is violated, an administrator should be instantly notified of the violation, with details of the rule/policy that was violated and the email sender/receiver who violated it. Administrators can easily and efficiently investigate DLP violations when they have access to this information. This is exactly the kind of assistance the EXODlpTest test provides to administrators!

This test monitors the email traffic over Exchange Online, instantly captures traffic that violates any of the DLP rules that apply to the Exchange Online location, and promptly alerts administrators to such violations. Detailed diagnostics reported by the test provide the complete details of each violation, thereby enabling administrators to accurately identify the rules and policies that were violated, the emails that violated the rules and policies, and the senders and receivers responsible for the same. This information helps administrators investigate and take appropriate action against the violations.

Outputs of the test: One set of results for the Office 365 tenant being monitored.

The measures made by this test are as follows:

| Measurement | Description | Measurement Unit | Interpretation |
|---|---|---|---|
| DLP_detect | Indicates the number of DLP rules that were violated. | Number | Ideally, the value of this measure should be 0. A non-zero value implies that one or more DLP rules have been violated. In this case, you can use the detailed diagnosis of this measure to know which emails violated the rules, which rules were violated, which policies these rules belong to, and which senders and receivers violated them. |
| Unique_senders | Indicates the number of unique senders who violated one or more DLP rules. | Number | Use the detailed diagnosis of this measure to know the senders of emails that violated a DLP rule. |
| Unique_receiver | Indicates the number of unique receivers who violated one or more DLP rules. | Number | Use the detailed diagnosis of this measure to know who the receivers of emails that violated one or more DLP rules were. |
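The following added example (not eG or Microsoft code) shows how rule conditions of the kind described above turn into violation records, and how the three measures can be derived from those records. It is a simplified stand-in for real DLP content matching; the domain, policy and rule names and the sample messages are constructed, and treating DLP_detect as the count of distinct violated rules is an assumption.

```python
import re

INTERNAL_DOMAIN = "contoso.example"  # assumption: the tenant's own mail domain
SSN_RE = re.compile(r"\b(?!000|666|9\d\d)\d{3}-(?!00)\d{2}-(?!0000)\d{4}\b")
CARD_RE = re.compile(r"\b(?:\d[ -]?){13,19}\b")

def has_card(text):
    """True if a 13-19 digit run passes the Luhn checksum (cuts false positives)."""
    for m in CARD_RE.finditer(text):
        digits = [int(c) for c in m.group() if c.isdigit()]
        total = sum(d if i % 2 == 0 else (d * 2 - 9 if d > 4 else d * 2)
                    for i, d in enumerate(reversed(digits)))
        if total % 10 == 0:
            return True
    return False

# (policy, rule, condition) with hypothetical names, not taken from any tenant.
RULES = [("US PII", "SSN sent externally", SSN_RE.search),
         ("PCI DSS", "Card number sent externally", has_card)]

def is_external(addr):
    return addr.rsplit("@", 1)[-1].lower() != INTERNAL_DOMAIN

def find_violations(messages):
    """One record per rule, sender and external receiver whose mail matched."""
    out = []
    for msg in messages:
        external = [r.lower() for r in msg["to"] if is_external(r)]
        for policy, rule, condition in RULES:
            if external and condition(msg["body"]):
                out += [{"policy": policy, "rule": rule, "receiver": r,
                         "sender": msg["from"].lower()} for r in external]
    return out

def measures(violations):
    """Assumption: DLP_detect counts distinct violated rules."""
    return {"DLP_detect": len({(v["policy"], v["rule"]) for v in violations}),
            "Unique_senders": len({v["sender"] for v in violations}),
            "Unique_receiver": len({v["receiver"] for v in violations})}

# Constructed sample traffic: the 2nd mail is internal only, the 4th fails Luhn.
SAMPLE = [
    {"from": "alice@contoso.example", "to": ["bob@partner.example"], "body": "SSN 123-45-6789"},
    {"from": "alice@contoso.example", "to": ["carol@contoso.example"], "body": "SSN 123-45-6789"},
    {"from": "Dave@contoso.example", "to": ["bob@partner.example", "eve@vendor.example"], "body": "Card 4111 1111 1111 1111"},
    {"from": "erin@contoso.example", "to": ["x@vendor.example"], "body": "Order 4111 1111 1111 1112"},
]

if __name__ == "__main__":
    print(measures(find_violations(SAMPLE)))
```

The individual records returned by `find_violations` play the role of the detailed diagnosis: each one names the policy, the rule, the sender and the receiver.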