rmatloa
Level 9
Message 1 of 5

Purge Device Plug type Incidents

Hi,

I wanted to find out if it's not possible to create a purge task that only looks at one or two types of incident. So I wanted to delete all device plug incidents as they aren't really of value to the investigative team.

#DLP

1 Solution

Accepted Solutions
Corey-DLP
McAfee Employee
Message 2 of 5

Re: Purge Device Plug type Incidents

Hello and thank you for posting here!

You can absolutely purge DLP incidents based on the incident type. To do this, you'll need to create a new or modify an existing purge task in the Incident Tasks section of the DLP Incident Manager. When in the Rule Criteria section, search for Incident Type and click the greater than symbol to add the criteria. The drop-down included in this criteria option will provide a list of different DLP incident types. The screenshot I've attached shows what it should look like when you choose Device Plug. Click Save and all incidents matching that type will be removed when the DLP Purge Incidents server task runs.

4 Replies
rmatloa
Level 9
Message 3 of 5

Re: Purge Device Plug type Incidents

So the criteria portion I've managed to get.

What I'm trying to figure out here is: can we create a new purge task using this newly created criteria, or does the ePO only make use of one DLP purge task that automatically inherits the criteria defined?

I've also run the server task that I found which states that it purges live DLP incidents, however the incidents are still there.

Hope this makes sense.

Corey-DLP
McAfee Employee
Message 4 of 5

Re: Purge Device Plug type Incidents

Can you provide me with the exact name of the server task you ran? There are technically two server tasks; however, in newer versions of the DLP extension, the server task to purge live tables is hidden so that it cannot be disabled.

rmatloa
Level 9
Message 5 of 5

Re: Purge Device Plug type Incidents

The task name is: DLP Purge History of Operational Events and Incidents

But it looks like the purge task actually worked, it just took some time to fully clear out the incidents.
