Due to varied cicumstances, the 'incidents' directory on a RedHat Data Loss Prevention Enforce server may become filled with queued incidents modified with the .bad extension. This extenstion signifies a failure of Data Loss Prevention to process the incidents (for any number of reasons). Through troubleshooting, it may become advantageous to attempt the re-processing of the '.bad' incidents. To fully realize this goal, an administrator may need to change a large quanitity of incidents back to '.idc'.
The attached script (resetIDC.sh) will allow for a large-scale change of '.bad' extensions to '.idc'. To implement the script, follow these instructions:
The script may take some time to run. If too many incidents are added back into the environment, restarting IncidentPersister may be necessary to process batches of the re-processing incidents. If incidents are still actively being changed to '.bad', address whatever outstanding issue still exists in the environment before attempting a bulk extension change again.