A few cases were not detected by Signatures or Expressions.

When a custom pattern in DLP is defined as RegEx with a range at its end, it might generate multiple events for the same matched data. 

DLP forensics events might show a wrong ‘action’ value – “Security Page”. 

Adding excludes for DLP are sometimes not available from the Forensics view. 

Policy names appeared to be editable even though they cannot be modified after creation.