Error: Policy limit reached; no longer being enforced - 10,000 messages

book

Article ID: 160489

calendar_today

Updated On:

Products

Data Loss Prevention Enforce

Issue/Introduction

Policy limit reached; no longer being enforced - 10,000 messages

Resolution

This error indicates that a particular policy has generated 10,000 incidents in a single day. It is intended to alert you to the fact that incident volume is very high and may affect performance of your Vontu software. This is usually an indication that the policy may be in need of refinement, either by making it more restrictive or by breaking it into a few smaller policies.

This limit will be reset any time you save the policy again, whether you make changes to it or not. Vontu recommends considering changes to this policy (adding exceptions for internal domain names, adding more keywords to the filter, etc.) to reduce the number of incidents before running the policy again.

If there is a true need to leave the policy as is, there are ways to control this behavior via the following advanced settings:

IncidentDetection.IncidentLimitResetTime:

Specifies the time frame used by the IncidentDetection.MaxIncidentsPerPolicy setting. Default is 1 day as specified in milliseconds (86400000).

IncidentDetection.MaxIncidentsPerPolicy

Defines the maximum number of incidents which are detected by a specific policy on a particular monitor within the time-frame specified in the IncidentDetection.IncidentTimeLimitResetTime. The default is 10,000 incidents per policy per time limit.