Skip to main content

View sensitive findings flagged by policies

Glean Protect+
Prerequisites

Only users with the Super Admin or Sensitive Content Moderator roles can create or view policies.

Sensitive issues

The sensitive issues dashboard is the central place to monitor and manage matches your sensitive content policies have flagged. Each entry in the dashboard is a single issue, which represents a unique document–policy pair. For example, if a document is flagged by three policies (A, B, C), Glean creates three separate issues (iA, iB, iC), each scoped to one policy and the findings that policy detected on that document.

This lets you triage what each policy flagged independently. The findings, severity, and detectors shown on an issue are always scoped to its policy.

When you open an issue, you can review:

  • Findings detected by that policy on the document, with surrounding text
  • Document ID, an internally generated ID that is prefixed with the data source the document belongs to
  • Viewing URL of the document
  • Email of the document owner, when known
  • Email of the owner department, when known
  • Accessibility level:
    • Domain accessible: Shared with all users in the organization
    • Accessibility count above given threshold: Shared with over N users, where N is the value chosen in the report setting
    • Anonymously accessible with link: Accessible to anyone with link
    • Anonymously searchable: Searchable and accessible to anyone
  • Container name (for example, folder)
  • Document type
  • Data source
  • Document last updated timeframe
  • Issue status
  • Issue assignee

Triage with the built-in case management system

Each issue works like a lightweight ticket, so you can run a structured triage workflow without leaving the dashboard:

  • Assign owners: Assign an issue to a specific user so it's clear who is responsible for resolving it
  • Track progress with statuses: Move issues through their lifecycle as work happens. See Issue statuses for details.
  • Bulk update: Select multiple issues that match a filter (for example, every open issue assigned to a particular reviewer for one policy) and update their status or assignee in a single action

This makes it easier to split work across reviewers, run focused triage queues per policy, and track issues to resolution.

Use the toolbar above the dashboard to narrow the list of issues to a focused set:

  • Search: Enter a keyword to match across an issue's title, document ID, container, owner, and department.
  • Status: Filter by issue status.
  • Severity: Filter by severity level.
  • Policy: Filter by the policy that raised the issue.
  • Info type: Filter by the info type that matched.
  • Regex ID: Filter by the custom regex pattern that matched.
  • Data source: Filter by the data source the document came from.
  • Visibility: Filter by how broadly the underlying document is shared.
  • Assigned to: Filter by the user assigned to the issue.
  • Created: Filter by when the issue was created.

Filters compose with each other and with the search box, so you can stack them to focus on exactly the slice of issues you need — for example, every OPEN, high-severity issue from one data source assigned to a specific reviewer.

Issue statuses

Each issue has one of the following statuses:

StatusSet byDescription
OPENSystemApplied when a new issue is detected, or when an existing issue is updated with new findings
IN_PROGRESSUserA reviewer has picked the issue up and is actively working on it
CLOSEDUserA reviewer has manually closed the issue
RESOLVEDSystemApplied automatically when all findings on an existing issue have been resolved

Take action on sensitive documents

  1. Archive the findings within the document if you want to filter it out of the dashboard.
  2. Hide this document from Glean search if it has genuinely sensitive information.
  3. Exclude the terms from future scans if they are benign and you don't want similar future findings.

Sensitive Findings Insights

The Sensitive Findings Insights dashboard provides a high-level statistical view of all findings and documents flagged by your sensitive policies. This dashboard includes the following panels:

  • Total findings: The aggregate count of all sensitive findings detected.
  • Total documents with findings: The number of unique documents containing one or more findings.
  • Findings trend: A visualization of total findings over configurable time windows (past week, past month).
  • Findings by info-type: Distribution of findings across different info-types and regex patterns configured in your policies.
  • Documents by severity: Distribution of documents across severity levels (low, medium, high).
  • Findings and documents by datasource: Breakdown of findings and documents by their originating data sources.
  • Findings and documents by policy: Distribution of findings and documents across your configured policies.

All panels support filtering by severity, policy, and visibility to help you narrow down your insights.

note

Statistics on this dashboard are updated every 6 hours.

Exporting and downloading sensitive findings

You can export the current view of the dashboard, including all applied filters, to a JSONL file for offline analysis or integration with external systems.

To export your findings:

  1. Apply the desired filters to the dashboard to narrow down the findings you want to export.
  2. Initiate the export. The export process typically takes 5–10 minutes to complete.
  3. Track the progress in the Exports sidebar.
  4. Once complete, download the JSONL file from the Exports sidebar.

Export format

The exported file uses the JSONL (JSON Lines) format, where each line represents a single document as a JSON object. You can iterate through this file line by line using a simple Python script with built-in JSON readers to process each detected document. The following example illustrates a single line in the exported file:

{
  "docId": "docId123",
  "reportIds": ["123"],
  "findings": [
    {
      "findingId": "456",
      "matchedRuleType": "BUILT_IN",
      "matchedRuleValue": "PASSWORD",
      "quote": "hello",
      "reportId": "456"
    }
  ],
  "detectedTimestamp": "1765795145000",
  "ownerEmail": "owner_email_unknown",
  "ownerDepartment": "owner_department_unknown",
  "sharingLevel": "BROADLY_SHARED",
  "docType": "WebPage",
  "datasource": "CUSTOM_DATASOURCE",
  "docLastUpdatedAt": "1761109200000",
  "documentAccessibility": "PUBLIC_VISIBLE",
  "severityAnalyses": [
    {
      "reportId": "456",
      "severity": "HIGH"
    }
  ],
  "visibilityOverride": "HIDE_ALL"
}
note

Exported files are available for download for one week. After this period, the file is automatically deleted and must be regenerated if needed.

Was this page helpful?
Last updated on
© 2026, Glean Technologies, Inc.