Relevant versions: ALL
It is important to keep in mind that the most critical information - the cracked content, message body, and attachments - is encrypted in the database. The link between the encryption key and the record is managed by Symantec's DLP application - so even a “rogue” DBA going into Oracle directly without using Symantec's DLP application will get access to encrypted content, but will not have access to the keys needed to decrypt the content because this is managed by the DLP application.
Deletion of incidents in Oracle is essentially a 2 step process.
- V8 and up: to run at the first occurrence of Midnight after the Manager is started, and then every 24hrs.
- Below V8: Every 24 hours after restarting the Manager service. For example, if you restart the Manager service at 9am, it will run at 9am the next day, and approximately 9am the following morning.