External Incident Storage
Article ID: 276213
Updated On:
Products
Data Loss Prevention
Data Loss Prevention API Detection for Developer Apps Virtual Appliance
Data Loss Prevention API Detection Virtual Appliance
Data Loss Prevention Cloud Detection Service
Data Loss Prevention Cloud Detection Service for ICAP
Data Loss Prevention Cloud Detection Service for REST
Data Loss Prevention Cloud Package
Data Loss Prevention Cloud Prevent for Microsoft Office 365
Data Loss Prevention Cloud Service for Discovery/Connector
Data Loss Prevention Cloud Service for Email
Data Loss Prevention Cloud Storage
Data Loss Prevention Core Package
Data Loss Prevention Data Access Governance
Data Loss Prevention Discover Suite
Data Loss Prevention Endpoint Discover
Data Loss Prevention Endpoint Prevent
Data Loss Prevention Endpoint Suite
Data Loss Prevention Enforce
Data Loss Prevention Enterprise Suite
Data Loss Prevention for Mobile
Data Loss Prevention for Office 365 Email and Gmail with Email Safeguard
Data Loss Prevention Form Recognition
Data Loss Prevention Network Discover
Data Loss Prevention Network Email
Data Loss Prevention Network Monitor
Data Loss Prevention Network Monitor and Prevent for Email
Data Loss Prevention Network Monitor and Prevent for Email and Web
Data Loss Prevention Network Monitor and Prevent for Web
Data Loss Prevention Network Prevent for Email
Data Loss Prevention Network Prevent for Email Virtual Appliance
Data Loss Prevention Network Prevent for Web Virtual Appliance
Data Loss Prevention Network Protect
Data Loss Prevention Network Web
Data Loss Prevention Oracle Standard Edition 2
Data Loss Prevention Plus Suite
Data Loss Prevention Sensitive Image Recognition
Data Loss Protection Oracle Standard Edition
Issue/Introduction
Considerations when deciding on when to enable External Incident Storage.
Cause
Reasons to use External Incident Storage:
- Allows you to store incident attachments such as email messages or documents on a file system rather than inside the database.
- Saves a great deal of space in your database, which results in faster and easier database actions such as backup and restore.
- Can be stored locally on the server, or can be stored on a remote computer
Reasons to use Internal Database Storage:
- Once the data has been stored outside of the database it cannot be brought back into the database.
- If you use a remote storage location to store your External Incident Data and you lose connection to that drive, it will be unable to use/load that data.
- You need 100% availability on any external storage used.
Resolution
For instructions to enable External Incident Storage please use the link below.
Required:
- Enforce (and the database) are in near-constant contact with external storage. You need 100% Availability on any external storage (High Availability).
- It will require as much storage space as it is currently using for existing database storage (plus all new incident data).
Best Practices:
- DO NOT place your external storage under the "/Symantec/DataLossPrevention/" folder (aka "/SymantecDLP/", or if you installed it in a custom location, do not place it inside the installation location).
- DO NOT place your external storage under the "Archives" directory.- Ensure that both the Enforce Server and your External Storage server are in the same Domain.- Create a "protect" user with the same password as your Enforce Server "protect" user to use with your external storage directory.
- DO NOT use a symlink from a folder on Enforce to the external storage location, use the direct UNC path.
- If you are using an MS Windows system for external storage, share the directory with Read/Write permissions with the external storage "protect" user.
- If you are using a Linux system for external storage, change the owner of the external storage directory to the external storage "protect" user.
Feedback
Yes
No
Powered by
