When are incidents deleted from the database?

book

Article ID: 159889

calendar_today

Updated On:

Products

Data Loss Prevention Enforce

Issue/Introduction

In the Enforce UI incidents are marked for deletion. On a regular basis another process purges the marked incidents from the database.

Environment

Please note - the steps in this article apply to DLP versions prior to 12.0. In DLP 12.5 and higher, the incident deletion process has changed, with many options available in the Enforce Manager console. Please see the relevant release of the DLP Administrator Guide for more details.

Resolution

Incidents deleted within the UI are purged from the Oracle database on a regular interval.

The interval is controlled by the manager.properties

com.vontu.manager.system.IncidentDeletion.delay=21600000
com.vontu.manager.system.IncidentDeletion.period=86400000

Both property values are milliseconds.

The delay value is how long after the Enforce starts that the first purge occurs.

The period value specifies how long after the first purge (and all subsquent purges) the next purge will occur.

The above values specify a delay of 6 hours before the first purge,

(6 hours * 60 min/hour * 60sec/min * 1000msec/sec  = 21600000 msec)

and a period of 24 hours.

(24 hours * 60 min/hour * 60sec/min * 1000msec/sec  = 86400000 msec)

If the Enforce Server is started at 5PM, the initial incident purge will occur 6 hours later, at 11 PM that day.  All subsequent purges will occur 24 hours later, or 11 PM every day.


NOTE:  Message components (attachments) are deleted when the related incidents are deleted.