bidsi01

CA DLP Tuesday Tip - Understanding the "Incident Rate by Policy" Report.

Discussion created by bidsi01 Employee on Sep 13, 2011
CA DLP Tuesday Tip by Simon Biddle, Snr. Support Engineer for 13 September 2011

The "Incident Rate By Policy Report" is available in the reports.msi installation source image which ships with CA DLP r12.5 This report shows a breakdown of all the policies that have been triggered over a specified period, showing their counts as a percentage of all events processed. By default, it includes all policies, but it can be refined to focus on just a subset.

It calculates percentages based on all events in the database captured over the specified period.

You should note that the "Incident Rate by Policy" Report can exceed 100%. This is because the percentage is calculated for Policy X as Number of events for Policy X/Total number of Events, but the Total number of events is a distinct event count. Therfore if mulitple policies are fired against a single event it will have the correct count against each policy and the resulting percentage of events that have fired that policy will be correct. However when attempting to sum the percentages they will not necessarily result in 100%.

Outcomes