The customer has a requirement to change the status of a significant number of DLP incidents, possibly extending into millions of incidents, it is not possible to perform this operation via the UI in one go due to product limitations, it may be possible to perform the operation by changing the status of much smaller batches of incidents but this may prove to be extremely time consuming. The customer is looking for a quick and effective solution.

All versions of DLP.

In general we do not support customers in direct manipulation of data in the DLP database using SQL queries unless the circumstances are exceptional. That being said we do come across these requests from our large customer periodically and a blanket refusal to help may not be well received, given that the SQL to perform the change is relatively simple we might be in a position to provide the below example to the customer on the understanding that they perform this action entirely at their own risk and should any problems arise out of the performing the action they will need to restore from the last known good backup.

If this is not acceptable to the customer then the recommendation is to perform the operation via the UI in small batches of incidents or alternatively open a ticket with engineering and submit the request to have the operation approved by them.