Incident Persister stages overview



Article ID: 215262




Data Loss Prevention, Data Loss Prevention Enforce


Here is an overview of the DLP Incident Persister service stages.


IDC files (incidents) arrive at Enforce via the Symantec DLP Detection Server Controller service and are written to the C:\ProgramData\Symantec\DataLossPrevention\ServerPlatformCommon\<ver>\incidents directory. The Symantec DLP Persister service picks them up from that directory and processes them in the following 3 stages:

  1. Persistence
    IncidentPersisterThread persists incidents to the Incident/Message tables.

  2. Processing
    1. Associates Network Prevent incidents to DataUser records where:
      1. Users have been imported from LDAP.
      2. The Domain Controller Agent has been implemented.
    2. Associates Discover incidents to Discover Walk records.

  3. Command
    • Executes Enforce Flex Response Rules
    • Performs Custom Incident Attribute Lookups, also known as "post-processing" or "incident enrichment".

Additional Information