The alert "Error 1802: Corrupted incident received" occurs under Recent Events in the Data Loss Prevention (DLP) Enforce server.
Incidents are becoming corrupted due to insufficient space in the tablespace DLP uses to store incident data:
You can run the following command to rename all the files at once:
rename *.bad *.idcNote: If you see incidents from some detection servers that are being stored normally, the cause is unrelated to a tablespace issue and the cause is likely due to a configuration issue on the affected detection servers. See WebPrevent block message causing Incidents to not show up in UI.