
DLP: understanding incident and its associated evidence purge


Hello,

We are cleaning up old incidents and their related evidence to release more space in our DLP evidence share.

So, I created new tasks under DLP Manager to purge old and false positive incidents. So, it looks like these tasks are combined with the DLP Purge Operational Events and Incidents that runs every night.

I'm seeing this in the notes though: "Deletes events and incidents from the LIVE database tables. Evidence files are not deleted since they associated with the event or incidents in the HISTORY lists."

We need the evidence files to be removed so as to free up space. Do I need to create another DLP purge task pertaining to the history data (i.e. Data in-use/motion - History)? 

Please assist. Thank you.

 

Accepted Solutions
McAfee Employee

Re: DLP: understanding incident and its associated evidence purge


Hello and thank you for posting here!

In order for evidence files to be deleted, all incidents the evidence files are linked to must also be deleted. This includes incidents that are in the live tables (Incident List) as well as the history tables (Incident History). This would mean that a separate purge task would also need to be created for the Incident History list and the "DLP Purge History of Operational Events and Incidents" server task must be run. 

It should be noted that evidence files are initially moved to a folder named "PendingDelete" which resides in the Evidence Share. The evidence files will remain here for 30 calendar days, at which point they will be permanently deleted.
