How to change value of maximum incidents for any given policy per time period

book

Article ID: 160397

calendar_today

Updated On:

Products

Data Loss Prevention Network Discover

Issue/Introduction

How to change or increase the value for maximium number of incidents for any given policy per 24-hr time period.

Resolution

Relative to all Symantec DLP.

Use the Advanced settings page for each Detection Server. This value is changeable on a per server basis:

Login to the Enforce UI and go to the Administration Tab -> System Overview -> System Detail -> Advance Configuration Page. 

Change the value for IncidentDetection.MaxIncidentsPerPolicy

Note: This value defines the maximum number of incidents detected by a specific policy on a particular detection server within the time-frame specified in the IncidentDetection.IncidentTimeLimitResetTime. The default is 10,000 incidents per policy per time limit.

Note: Use caution when modifying the settings on the server. It is recommended that you check with Symantec DLP Support before changing any of the settings on this page. Changes to these settings normally do not take effect until after the server has been restarted.

There are no advance settings on the Enforce Server that can be modified from its server detail screen.

Additional Information

IncidentDetection.MaxIncidentsPerPolicy
1000
Defines the maximum number of incidents detected by a specific policy on a particular detection server within the time-frame specified in the IncidentDetection.IncidentTimeLimitResetTime. The default is 10,000 incidents per policy per time limit.

IncidentDetection.IncidentLimitResetTime
86400000 (equals one day)
Specifies the time frame (in milliseconds) used by the IncidentDetection.MaxIncidentsPerPolicy setting.

Consult the online help on the Advanced settings page if additional information is needed.