How to configure Symantec DLP to not store incident attachments in the database for DIM
Article ID: 160808
Data Loss Prevention Enforce
Data Loss Prevention Network Discover
You want to see the incident data but not store the violating or non-violating file attachments.
Set up an automated response rule for "Limit Incident Data Retention" and choose to keep or discard the original message, as well as the attachments.
To set up this Response Rule:
Under Policies, select Response Rules -> Add a Response Rule.
Select Automated Response and Click Next
Under General, name your rule and input a description
Under Actions, Select Limit Incident Retention from the drop down menu and click the Add Action button
Choose the desired actions for this rule (i.e. discard original email, discard attachment, etc.)
Add this Response Rule to the specific policies to be incorporated under this Rule.