Define filters to apply for the Incident creation

  • Versão de lançamento: Australia
  • Atualizado 12 de mar. de 2026
  • 1 min. de leitura

    • Define and set filter conditions to filter the incoming  DLP  alerts. Determine the alerts that should be created as DLP incidents in ServiceNow.

    Antes de Iniciar

    Role required: sn_dlir.admin

    Por Que e Quando Desempenhar Esta Tarefa

    Filtering helps you to isolate DLP alerts and to limit the number of DLP alerts that you create. If additional filtering criteria are set, only alerts that match the conditions are created.

    Procedimento

    1. Select Post Incident Ingestion Filter check box to apply the post incident ingestion filters and retrieve the incidents that match the filter criteria.
    2. Select the Filter based on conditions option and define the criteria that an incoming ICAP DLP incident must satisfy so that a DLP incident is created.
    3. Set the filters in the Filter Conditions field.

      The options in the drop down Filter Conditions match the fields that are available in the ICAP DLP incident import table. The criteria that you enter are case-sensitive. Verify that the criteria you define match the values of the incident.

    4. Add more conditions by clicking  AND  or  OR.
      • If  AND  is selected, all conditions must be matched.
      • If  OR  is selected, either condition can be matched.
      ICAP DLP Filtering section.

    O que Fazer Depois

    To configure the schedule, click Continue.