# DLP Incident Analytics & Trending
**Objective:** Analyze historical DLP alert data to identify high-risk departments and attack vectors.

### Dependencies
`pip install pandas matplotlib seaborn`

In [1]:
```python
import pandas as pd
import matplotlib.pyplot as plt
import seaborn as sns

# Simulating an export from Symantec/Forcepoint DLP
data = {
    'Timestamp': ['2024-10-01 08:00', '2024-10-01 09:15', '2024-10-01 10:30', '2024-10-02 14:00', '2024-10-02 16:45', '2024-10-03 11:20'],
    'Policy_Name': ['PCI-DSS-Block', 'Code-Source-Block', 'PII-Monitor', 'PCI-DSS-Block', 'Code-Source-Block', 'GDPR-EU-Block'],
    'Target_Channel': ['HTTPS', 'USB', 'Email', 'HTTPS', 'GitHub', 'Email'],
    'Department': ['Sales', 'Engineering', 'HR', 'Sales', 'Engineering', 'Legal'],
    'Severity': ['High', 'Critical', 'Low', 'High', 'Critical', 'Medium']
}

df = pd.DataFrame(data)
df['Timestamp'] = pd.to_datetime(df['Timestamp'])
df.head()
```

### Visualizing Attack Vectors

In [2]:
```python
plt.figure(figsize=(10, 6))
sns.countplot(x='Target_Channel', data=df, hue='Severity', palette='viridis')
plt.title('DLP Incidents by Channel & Severity')
plt.ylabel('Number of Incidents')
plt.show()
```

### Risk by Department
Engineering shows the highest number of **Critical** incidents, correlating with Source Code exfiltration risks.

In [3]:
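```python
# crosstab sorts columns alphabetically (Critical, High, Low, Medium);
# fix the order so each colour always maps to the same severity level.
severity_order = ['Critical', 'High', 'Medium', 'Low']
pivot = pd.crosstab(df['Department'], df['Severity']).reindex(columns=severity_order, fill_value=0)
pivot.plot(kind='bar', stacked=True, color=['red', 'orange', 'yellow', 'green'])
plt.title('Department Risk Profile')
plt.show()
```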
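
A severity-weighted ranking turns the department comparison above into a number and adds the per-day trend. This is an added example, not part of the original notebook: the weights in `SEVERITY_WEIGHT` and the function names `severity_weights`, `risk_ranking` and `daily_trend` are assumptions, and the data repeats the six sample rows from cell In [1].

```python
import pandas as pd

# The six sample rows from cell In [1], repeated so this block runs on its own.
df = pd.DataFrame({
    'Timestamp': pd.to_datetime(['2024-10-01 08:00', '2024-10-01 09:15', '2024-10-01 10:30',
                                 '2024-10-02 14:00', '2024-10-02 16:45', '2024-10-03 11:20']),
    'Policy_Name': ['PCI-DSS-Block', 'Code-Source-Block', 'PII-Monitor',
                    'PCI-DSS-Block', 'Code-Source-Block', 'GDPR-EU-Block'],
    'Target_Channel': ['HTTPS', 'USB', 'Email', 'HTTPS', 'GitHub', 'Email'],
    'Department': ['Sales', 'Engineering', 'HR', 'Sales', 'Engineering', 'Legal'],
    'Severity': ['High', 'Critical', 'Low', 'High', 'Critical', 'Medium'],
})

# Assumed weights (not from the notebook); tune them to your triage policy.
SEVERITY_WEIGHT = {'Critical': 10, 'High': 5, 'Medium': 3, 'Low': 1}


def severity_weights(frame):
    """Map Severity to a numeric weight, rejecting labels the table lacks."""
    unknown = set(frame['Severity']) - set(SEVERITY_WEIGHT)
    if unknown:
        # An unmapped label would become NaN and silently drop out of the sums.
        raise ValueError(f'unmapped severity labels: {sorted(unknown)}')
    return frame['Severity'].map(SEVERITY_WEIGHT)


def risk_ranking(frame, by):
    """Rank groups by weighted score, breaking ties on incident count."""
    scored = frame.assign(Weight=severity_weights(frame),
                          Is_Critical=frame['Severity'].eq('Critical'))
    out = scored.groupby(by).agg(Incidents=('Weight', 'size'),
                                 Risk_Score=('Weight', 'sum'),
                                 Critical=('Is_Critical', 'sum'))
    return out.sort_values(['Risk_Score', 'Incidents'], ascending=False)


def daily_trend(frame):
    """Weighted risk per calendar day, with quiet days reported as 0."""
    days = frame['Timestamp'].dt.floor('D')
    return severity_weights(frame).groupby(days).sum().asfreq('D', fill_value=0)


dept_risk = risk_ranking(df, 'Department')                         # who
channel_risk = risk_ranking(df, ['Department', 'Target_Channel'])  # who, via what
trend = daily_trend(df)                                            # when
print(dept_risk, channel_risk, trend, sep='\n\n')
```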