Define filters to apply for the Incident creation

  • 릴리스 버전: Australia
  • 업데이트 날짜 2026년 03월 12일
  • 소요 시간: 2분

    • Define and set filter conditions to filter the incoming  DLP  alerts. Determine the alerts that should be created as DLP incidents in ServiceNow.

    시작하기 전에

    Role required: sn_dlir.admin

    이 태스크 정보

    Filtering helps you to isolate DLP alerts and to limit the number of DLP alerts that you create. If additional filtering criteria are set, only alerts that match the conditions are created.

    프로시저

    1. Select Post Incident Ingestion Filter check box to apply the post incident ingestion filters and retrieve the incidents that match the filter criteria.
    2. Select the Filter based on conditions option and define the criteria that an incoming ICAP DLP incident must satisfy so that a DLP incident is created.
    3. Set the filters in the Filter Conditions field.

      The options in the drop down Filter Conditions match the fields that are available in the ICAP DLP incident import table. The criteria that you enter are case-sensitive. Verify that the criteria you define match the values of the incident.

    4. Add more conditions by clicking  AND  or  OR.
      • If  AND  is selected, all conditions must be matched.
      • If  OR  is selected, either condition can be matched.
      ICAP DLP Filtering section.

    다음에 수행할 작업

    To configure the schedule, click Continue.