We have to save Incidents and evidences for two years, but DLP Incident Task 'Purge Incidents' will delete part of it. What could you suggest? Is it possible extend this limit more than 5,000,000? Or are there some possibilities to archive events and when needed access them with ability also get (decrypt) proper evidences?
There is no mechanism in place to increase the limit passed 5,000,000 incidents. However, exported incidents using Case Management could be an option.
For example, go to Incident Manager and select the desired incidents to add to a Case.
Once Case is created, go to DLP Case Management under Data Protection. Select the Case ID, click actions, then Export Selected Cases.
The exported .zip file contains a separate folder for each case. Each case folder contains matching incident sub-folders with details.
You have the option to add the decrypted evidence files and match-string files to each incident ID supbfolder, Add a CSV file with incidents list information, or Add a CSV file with details about each evidence file.
Was my reply helpful? If you find this post useful, Please give it a Kudos! Also, Please don't forget to select "Accept as a solution" if this reply resolves your query!
Don't forget, when your helpful posts earn a kudos or get accepted as a solution you can unlock perks and badges. Those aren't the only badges, either. How many can you collect? Click here to learn more.
Community Help Hub
New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.