Automatically Set Incident Details in the Sanctioned DLP Policy Builder
In the Sanctioned DLP Policy Builder, you can now automatically set an Incident's default Status, Owner, and Resolution Action as you write your policy. For details see, Create or Edit a Sanctioned DLP Policy. For more information, see Incident Status Precedence.
Policy Incidents Large File Download
On the Incidents > Policy Incidents page, in the Item Name table row or Cloud Card, you can click to download the file that generated the incident. Previously, files over 60 MB were not supported, but now they are. For details, see Large File Download.
Upload Activities Count
On the Analytics > Users page, the Upload Activities count is now consistent across the Users page and Upload Activities Modal. For details, see About Users.
Auto-Remediation of SharePoint Incidents
Auto-remediation is a triggered response to a policy violation. It is an automated approach to security, applying the appropriate response to a vulnerability in your SharePoint deployment. SharePoint Config Audit Policy supports both Manual Remediation and Auto-Remediation. You can choose the required remediation to reduce malicious activities on your SharePoint application. For details, see Auto-Remediation of SharePoint Incidents.
New Resource Attribute for Azure
On the Policy > Config Audit > Create Security Config Audit > Rules & Exception page, the resource type Azure Virtual Machine supports the new resource attribute “encryptionAtHost” to identify and audit whether the encryption at the host is enabled or not.
New Resource Type for AWS
On the Policy > Config Audit > Create Security Config Audit > Rules & Exception page, the new resource type Cloud Watch Log Group is supported for AWS.