Data Loss PreventionData Loss Prevention API Detection for Developer Apps Virtual ApplianceData Loss Prevention API Detection Virtual ApplianceData Loss Prevention Cloud Detection ServiceData Loss Prevention Cloud Detection Service for ICAPData Loss Prevention Cloud Detection Service for RESTData Loss Prevention Cloud PackageData Loss Prevention Cloud Prevent for Microsoft Office 365Data Loss Prevention Cloud Service for Discovery/ConnectorData Loss Prevention Cloud Service for EmailData Loss Prevention Cloud StorageData Loss Prevention Core PackageData Loss Prevention Data Access GovernanceData Loss Prevention Discover SuiteData Loss Prevention Endpoint DiscoverData Loss Prevention Endpoint PreventData Loss Prevention Endpoint SuiteData Loss Prevention EnforceData Loss Prevention Enterprise SuiteData Loss Prevention for MobileData Loss Prevention for Office 365 Email and Gmail with Email SafeguardData Loss Prevention Form RecognitionData Loss Prevention Network DiscoverData Loss Prevention Network EmailData Loss Prevention Network MonitorData Loss Prevention Network Monitor and Prevent for EmailData Loss Prevention Network Monitor and Prevent for Email and WebData Loss Prevention Network Monitor and Prevent for WebData Loss Prevention Network Prevent for EmailData Loss Prevention Network Prevent for Email Virtual ApplianceData Loss Prevention Network Prevent for Web Virtual ApplianceData Loss Prevention Network ProtectData Loss Prevention Network WebData Loss Prevention Oracle Standard Edition 2Data Loss Prevention Plus SuiteData Loss Prevention Sensitive Image RecognitionData Loss Protection Oracle Standard Edition
Issue/Introduction
Considerations when deciding on when to enable External Incident Storage.
Cause
Reasons to use External Incident Storage:
Allows you to store incident attachments such as email messages or documents on a file system rather than inside the database.
Saves a great deal of space in your database, which results in faster and easier database actions such as backup and restore.
Can be stored locally on the server, or can be stored on a remote computer
Reasons to use Internal Database Storage:
Once the data has been stored outside of the database it cannot be brought back into the database.
If you use a remote storage location to store your External Incident Data and you lose connection to that drive, it will be unable to use/load that data.
You need 100% availability on any external storage used.
Resolution
For instructions to enable External Incident Storage please use the link below.
Enforce (and the database) are in near-constant contact with external storage. You need 100% Availability on any external storage (High Availability).
It will require as much storage space as it is currently using for existing database storage (plus all new incident data).
Best Practices:
DO NOT place your external storage under the "/Symantec/DataLossPrevention/" folder (aka "/SymantecDLP/", or if you installed it in a custom location, do not place it inside the installation location).
DO NOT place your external storage under the "Archives" directory.- Ensure that both the Enforce Server and your External Storage server are in the same Domain.- Create a "protect" user with the same password as your Enforce Server "protect" user to use with your external storage directory.
DO NOT use a symlink from a folder on Enforce to the external storage location, use the direct UNC path.
If you are using an MS Windows system for external storage, share the directory with Read/Write permissions with the external storage "protect" user.
If you are using a Linux system for external storage, change the owner of the external storage directory to the external storage "protect" user.