How can you limit the retained incident data, for example the SMTP message that triggered an incident?
Set up a response rule to limit the retained data:
- Create a response rule
- Set the action to "All: Limit Incident Data Retention"
- Enable "Discard Original Message" and select which data can be deleted ( all, attachments w/ no violations, none )
Listed below are the default behaviors for the various DLP Servers: