How to configure Symantec DLP to not store incident attachments in the database for DIM

book

Article ID: 160808

calendar_today

Updated On:

Products

Data Loss Prevention Enforce Data Loss Prevention Network Discover

Issue/Introduction

You want to see the incident data but not store the violating or non-violating file attachments.

Resolution

Set up an automated response rule for "Limit Incident Data Retention" and choose to keep or discard the original message, as well as the attachments.

To set up this Response Rule:

  1. Under Policies, select Response Rules -> Add a Response Rule.
  2. Select Automated Response and Click Next
  3. Under General, name your rule and input a description
  4. Under Actions, Select Limit Incident Retention from the drop down menu and click the Add Action button
  5. Choose the desired actions for this rule (i.e. discard original email, discard attachment, etc.)
  6. Click Save

Add this Response Rule to the specific policies to be incorporated under this Rule.