Is there a way to limit how much of the incident detail is retained?

Article Id: 159786

Status: Published

Updated On: 23-01-2014 22:18

Legacy Id: TECH219637

Products:

Data Loss Prevention Endpoint Prevent , Data Loss Prevention Network Monitor , Data Loss Prevention Network Prevent for Email , Data Loss Prevention Enforce , Data Loss Prevention Network Discover , Data Loss Prevention Network Prevent for Web , Data Loss Prevention Network Protect , Data Loss Prevention Endpoint Discover

Issue/Introduction:

How can you limit the retained incident data, for example the SMTP message that triggered an incident?

Resolution:

Set up a response rule to limit the retained data:

- Create a response rule
- Set the action to "All: Limit Incident Data Retention"
- Enable "Discard Original Message" and select which data can be deleted ( all, attachments w/ no violations, none )

Listed below are the default behaviors for the various DLP Servers:

Endpoint and Endpoint Discover: does not retain original file by default
Network Discover: There is no way to retain the original file
All other Servers: Default behavior is to retain everything