Effects of disabling DLP policies in ICA
search cancel

Effects of disabling DLP policies in ICA

book

Article ID: 184771

calendar_today

Updated On:

Products

Information Centric Analytics Data Loss Prevention Core Package

Issue/Introduction

What are the consequences of disabling one or more Symantec Data Loss Prevention (DLP) policies in Information Centric Analytics (ICA)? Is any information lost or purged? If policy performance and remediation metrics were previously generated, will those be lost? If the policies are re-enabled, will ICA resume generating those metrics? Will incidents skipped while the policy was disabled be imported into ICA after the policy has been re-enabled?

Environment

Version : 6.x

Component : Symantec DLP Integration Pack

Resolution

No historical information is lost or purged when a DLP policy is disabled in ICA; however, incidents generated by that policy will not be processed into ICA while the policy is disabled. Additionally, once a policy is re-enabled, metric collection will not include values for the period of time in which the policy was disabled, nor will previously skipped incidents be imported into ICA.

For assistance with importing skipped incidents after re-enabling a policy, contact Broadcom support.