
Alerts

Alerts highlight policy‑relevant events such as repeated violations or important user actions.

Open Alerts to review recent items, filter by tenant or category, and mark items as acknowledged when handled. Use alerts to quickly see where additional guidance or a policy adjustment may be needed.

Platform Filter

Use the platform filter dropdown on any dashboard to narrow results to specific client platforms. The dropdown appears to the left of the date picker and lets you select one or more platforms:

  • Browser Extension - alerts from the Chrome/Edge browser extension
  • Outlook Add-in - alerts from the Outlook email add-in
  • Microsoft Teams - alerts from server-side Teams DLP monitoring

By default all platforms are selected. When you deselect a platform, all widgets on the dashboard update immediately to exclude data from that platform.

Alerts overview

Alert Types

PolicyClue generates the following alert types:

| Alert Type | Description |
|---|---|
| policy_hit | Policy was hit (e.g., block policy access or post-training access) |
| policy_delayed | Policy was delayed by the user and will be shown again later |
| dlp_match | Text input matched a DLP regex pattern |
| dlp_file_match | File upload matched a DLP regex pattern |
| dlp_override | User chose to override a DLP warning with justification |
| dlp_block_appeal | User submitted an appeal reason on a blocked DLP detection (mode 3) |
| security_vulnerability_detected | A security vulnerability was detected for a browser (Security add-on) |
| security_phishing_indicated | A potential phishing site was indicated (Security add-on) |
| security_phishing_blocked | User was blocked from accessing a phishing site (Security add-on) |
| security_phishing_warning_dismissed | User dismissed phishing warning and proceeded (Security add-on) |
| security_download_warned | A download warning was displayed to the user (Security add-on) |
| security_download_blocked | A file download was blocked by a download filter (Security add-on) |
| security_download_warning_dismissed | User dismissed a download warning and proceeded (Security add-on) |
| security_attachment_warned | An attachment extension matched a download filter and the user was warned (Outlook add-in) |
| security_attachment_blocked | An attachment extension matched a download filter and was blocked (Outlook add-in) |
| phishing_reported | A user reported an email as phishing via the Outlook add-in (Phishing module) |

Security-related alert types require the Security add-on to be enabled for the tenant.

File downloads and uploads are tracked on the Download Guard dashboard. Recorded user input is available on the GenAI Prompt Logs dashboard.

Comments

Alerts support a comment thread where administrators can add notes, observations, or follow-up actions. Key points:

  • Multiple comments per alert - any number of administrators can contribute to the discussion on a single alert.
  • Author and timestamp - each comment records who wrote it and when, so the full conversation history is always clear.
  • Immutable - comments cannot be edited or deleted after they are saved. This preserves an accurate record of the investigation.
  • Audit trail - adding a comment is logged in the Audit Log with the author's identity, so comment activity is visible alongside other administrative actions.

Attachments

Alerts can carry file attachments (e.g. a reported .eml email). Attachments are stored in Elasticsearch and can be viewed and downloaded from the alert inspector. If sandbox integration is configured, attachments are automatically submitted for analysis and assigned a risk score.