DLP pulls MVISION Cloud incidents periodically from the MVISION Cloud and displays them in the DLP Incident Manager. Some of the MVISION Cloud incident properties use names that differ from the names used by incident properties in DLP Incident Manager. This article maps out the MVISION Cloud incident properties to their DLP Incident Manager equivalent. This mapping ensures consistency across all DLP incidents that are triggered by DLP Endpoint, DLP Prevent, or MVISION Cloud Service.
 

• MVISION Cloud Incidents reported with On Demand Scan activity are shown in the DLP Incident Manager. They are shown as Discovery Incident under the Data at rest (Network) section.
• Any MVISION Cloud Incidents that are not reported with On Demand Scan activity, and with Service Name Microsoft Exchange Online or Gmail, are shown in the DLP Incident Manager. They are shown as Email Protection Incident under the Data in-use/motion section.
• All other MVISION Cloud incidents are shown in the DLP Incident Manager as Cloud Protection Incident under the Data in-use/motion section.

Skyhigh and DLP products have different Incident terms that are mapped according to the following logic:
 

MVISION Cloud Incident Property Name	DLP Incident Property Name
Rule Set Not applicable in MVISION Cloud	Rule Set All MVISION Cloud incidents marked as “MVISION Cloud Imported Rules.”
Incident Type Not applicable in MVISION Cloud	Incident Type Check the above section for an explanation of the different Incident types.
Policy	The MVISION Cloud policy value is equivalent to the DLP rule name.
Policy– Not applicable in MVISION Cloud.	Policy – This ePO terminology is also used by DLP. It is used in the same way as other McAfee managed products use this term on the ePO Policy Catalog. “Policy” in ePO is a set of configurations that is pushed to the managed product on the endpoint system. For DLP, “policy” is a list of DLP Rule Sets and some additional configurations that are pushed to DLP Prevent, DLP Monitor and all other DLP products.
Actual Action Not applicable in MVISION Cloud	Actual Action Represents the original action taken on the violated item.
Last Response	Each response or change made by users on the Skyhigh Incident are reflected under the Audit Log tab in the DLP Incident detail page.
Severity	Severity MVISION Cloud severity Low -> DLP severity Warning MVISION Cloud severity Medium -> DLP severity Minor MVISION Cloud severity High -> DLP severity Major
External ID Not applicable in MVISION Cloud	External ID Provides link to the MVISION Cloud console.
Last Updated	Modification Date (UTC) Can be found under the Audit Log tab and represents the changes made on the incidents.
User	User Primary Email The email address that identifies the user that performed the violation.
Owner	Reviewer An external User (MVISION Cloud user) which is assigned to the incident.
Email Content Sent, From, To, Cc, Bcc, Subject	Additional Information Occurred (UTC), From, To, Cc, Bcc, Subject
Content Item Name, Item Type, Path, Size, Created On	All reported Content items called “Evidences” in DLP Incident Manager and located under the Evidence Tab. Evidence Name, Item Type, Path, File Size (KB) Created on – No such term in DLP.
Matches	Evidence tab Match Count – Reflects number of matches Short Match String – Shows the highlighted text shown in the MVISION Cloud matches section.
Scan Scan Name, Scan Run Date	This information is relevant for the On Demand Scan incidents only. The information is shown under General Details section, as Scan Name and Scan Start (UTC)