search cancel

How to configure Symantec DLP to not store incident attachments in the database for DIM


Article ID: 160808


Updated On:


Data Loss Prevention Enforce Data Loss Prevention Network Discover


You want to see the incident data but not store the violating or non-violating file attachments.


Set up an automated response rule for "Limit Incident Data Retention" and choose to keep or discard the original message, as well as the attachments.

To set up this Response Rule:

  1. Under Policies, select Response Rules -> Add a Response Rule.
  2. Select Automated Response and Click Next
  3. Under General, name your rule and input a description
  4. Under Actions, Select Limit Incident Retention from the drop down menu and click the Add Action button
  5. Choose the desired actions for this rule (i.e. discard original email, discard attachment, etc.)
  6. Click Save

Add this Response Rule to the specific policies to be incorporated under this Rule.