Archived Incidents Remain in Same Table

Article ID: 160414

Products

Data Loss Prevention Enforce

Issue/Introduction

Incident archiving lets you flag specified incidents as "archived." Because archived incidents are excluded from normal incident reporting, you can improve the reporting performance of your Symantec Data Loss Prevention deployment by archiving any incidents that are no longer relevant. However, you want to know what happens to the incidents that are archived.

Resolution

Archived Incidents remain in the database; they are not moved to another table, database, or other type of offline storage.

When an Incident is archived, a flag sets the Incident field “IsArchived” to 1. Essentially, incident archiving removes the incident from a user’s visibility but does not actually compress or remove it from the database.

An alternative to the Incident Archive is the Web Archive, which exports incidents via the Enforce console to disk as a sort of backup or data retention option. You can then potentially delete the incidents from the Enforce Server administration console.

More details on the options available for archiving:

You can set filters on incident reports in the Enforce Server administration console to display only archived incidents or to display both archived and non-archived incidents. Using these reports, you can flag one or more incidents as archived by using the Archive options that are available when you select one or more incidents and click the Incident Actions button. The Archive options are:

 ■ Archive Incidents - Flags the selected incidents as archived.
 ■ Restore Incidents - Restores the selected incidents to the non-archived state.
 ■ Do Not Archive - Prevents the selected incidents from being archived.
 ■ Allow Archive - Allows the selected incidents to be archived.

The archive state of an incident displays in the incident snapshot screen in the Enforce Server administration console. The History tab of the incident snapshot includes an entry for each time the Do Not Archive or Allow Archive flags are set for the incident.