11.2 Understanding Data Policy Detections

Detections of policies and controls can be triggered by manually running detections, by predefining a schedule, or by specifying events. Authorized administrators can specify collection, publication, and user curation as the events that trigger detections.

Based on the data policy, administrators can define remediations for violations. The number of detections will vary depending on the event type and the frequency of the events. For example, when you select user curation, each user curation will trigger a data policy detection. In the case of two curations with very little interval between them, two detections will be started sequentially. This might result in zero violations or a fewer number of violations because the previous detection might have already calculated it as a violation and saved that record to the database.

Authorized administrators can delay data policy detections and remediation runs that are automatically triggered after User, Permission, or Account curation using com.netiq.iac.datapolicy.detection.trigger.delay.minutes and com.netiq.iac.remediation.run.delay.minutes configuration properties. Note that these properties should be in minutes. To configure these properties, contact your SaaS Operations Administrator.

The number of detections will also depend on the remediation status. The Last Detected Items and Open Items columns on the Data Policy Collection or Publication tabs might not present the latest counts when remediation runs automatically after detection. Remediation takes time to process and update counts. For example, if 10 items were detected and remediated automatically after detection, then it will be 10 last detected items and 0 open items after a remediation run. If remediation was not set, then it will be 10 last detected items and 10 open items. If 2 of the detected items were resolved manually, then it will be 10 detected items and 8 open items.

You can view all previous detections by editing a policy and clicking Show All Detections. You can also view the most accurate count of all open and resolved items by clicking the data policy name, then clicking Show open and resolved items.