What are the consequences of disabling one or more Symantec Data Loss Prevention (DLP) policies in Information Centric Analytics (ICA)? Is any information lost or purged? If policy performance and remediation metrics were previously generated, will those be lost? If the policies are re-enabled, will ICA resume generating those metrics? Will incidents skipped while the policy was disabled be imported into ICA after the policy has been re-enabled?
Version : 6.x
Component : Symantec DLP Integration Pack
No historical information is lost or purged when a DLP policy is disabled in ICA; however, incidents generated by that policy will not be processed into ICA while the policy is disabled. Additionally, once a policy is re-enabled, metric collection will not include values for the period of time in which the policy was disabled, nor will previously skipped incidents be imported into ICA.
For assistance with importing skipped incidents after re-enabling a policy, contact Broadcom support.