Difference DLP Incident List versus DLP Incident History
I am trying to understand the difference between the two tabs "Incident List" and "Incident History" in the DLP Incident Manager. While I understand the general meaning of the terms, I do not see any difference in content or functionality. I know that their content is managed independently in the database, as they do have separate tables. I tried the documentation but it provides only a very general description. It does not tell, e.g., whether reporting on the data of both tables differs in any way.
Re: Difference DLP Incident List and Incident History
Hello and thank you for posting here.
Essentially the difference between the Incident List and the Incident History tabs comes down to the intended use case for each. The Incident List is intended to be used for incidents that are actively being worked on, investigated, or for shorter-term data retention. The Incident History list is meant for longer-term storage of DLP incident data. You can think of this as a backup of your incidents. By default, the Incident List purges the oldest incident once the number of incidents reaches one million, whereas Incident History does not have a purge task enabled by default (although one can be configured if desired).
In terms of the data stored, both lists receive an identical copy of a DLP incident once it is parsed into the database by the ePO Event Parser. If no purging has been done on either list, both should be a mirror copy of each other.
Hopefully this helps clear things up, but please let me know if you have any further questions.