Delete old DLP incidents to reduce the Oracle database size

book

Article ID: 162428

calendar_today

Updated On:

Products

Data Loss Prevention Enforce

Issue/Introduction

The database for Symantec Data Loss Prevention (DLP) does not automatically delete incidents, and continues to grow in size over the life of the deployment.

Resolution

Once the data retention period has elapsed for your security policy, you can delete the old incidents. This helps free space in the database and improve system performance.

  1. Log in to the DLP Enforce console.
  2. Click the Incidents tab, and go to Incidents All.
  3. Choose the appropriate date range to list old incidents. You may customize them in the Filter section; ensure that the Status is correct.
  4. Click Apply, and confirm that the resulting list matches your intended results.
  5. Manually select the incidents to delete, or click Select All. Then under the Incident Actions tab, choose Delete Incidents.
    The incidents are now marked for removal, and will be removed when the daily task for deletion executes.
  6. To remove the incidents immediately, go to the System tab > Incident Data > Incident Deletion. You will see all the Incidents in the queue that need to be deleted. You may then schedule a deletion time and start deletion.

WARNING: Deleting incidents from the Oracle database is permanent, and cannot be reversed.