How to investigate DLP violation-content attachment

I recently turned on a very basic, monitor-only DLP policy in my ZIA console. The Auditor Template that I am using sends me an email notification whenever there is a DLP violation and attaches the content of the violation in a file named “violation-content”. My question is - how do I investigate this violation-content file to figure out if it was a true positive or not? Is there a good tool to parse the format? I used Notepad++ but it’s very difficult to read and search through it. For example, if the violation says that there were 10 social security numbers found in the violation content, how can I locate those SSNs in the file?