When you go to the policy settings section in the Risk Fabric console, you see it pulled a lot of old policies which have been deleted in Symantec DLP. You want to know if this is normal, and if you will be able to filter on policies that are not deleted.

Release : 6.x

Component : Symantec Data Loss Prevention Integration Pack

This is normal. When you delete a policy in DLP, the IsDeleted bit column on the record for that policy is set to 1 in the Protect database's Policy table but the record persists to preserve referential integrity between that policy and any incidents that violated that policy.

For the same reason, Information Centric Analytics (ICA) imports the names of both active and deleted policies from the DLP database because incidents previously imported into ICA may be associated with policies that have since been deleted in DLP. This preserves the integrity of the relationship between incidents and the policies they violated within the RiskFabric schema.

If you require assistance with filtering or managing the list of DLP policies in ICA, contact Broadcom support for assistance.