Purge records from the RiskFabric database
search cancel

Purge records from the RiskFabric database

book

Article ID: 371315

calendar_today

Updated On: 09-16-2024

Products

Information Centric Analytics

Issue/Introduction

Is there a method for programmatically removing events, entities, or other types of data from the Information Centric Analytics (ICA) RiskFabric database?

Environment

Version : 6.x

Resolution

ICA includes several purge scripts that can be used to remove a variety of entity, event, and ancillary data, including the following:

  • ActivityLog data
  • Entity data
  • Entity relationship data
  • Events [Authentication, Data In Motion (DIM), Endpoint, Web Activity]
  • Events by IDs
  • DIM incidents with disabled policies
  • Metric dashboards
  • All Symantec DLP data

Contact Broadcom support for assistance with purging data from the RiskFabric database.

Additional Information

For data integrity reasons, the purge process is executed in a single transaction by the database engine. If any errors are encountered during execution, this enables rollback to the previous state with no lost or orphaned records; however, due to the potentially large number of tables and records that can be affected by this procedure, this may require the RiskFabric relational database's transaction log to grow significantly. Ensure you have configured the transaction log's maxsize value to use as much space as possible on its host drive. This should be done in coordination with your database administrator. If drive space is insufficient, the procedure can be run in time-based batches to reduce transaction log use.

NOTE: If the procedure encounters an error, it will fail and rollback silently. Additional debug output will be added to the procedure in a future release.