Archive incidents in Enforce server
search cancel

Archive incidents in Enforce server

book

Article ID: 184214

calendar_today

Updated On:

Products

Data Loss Prevention Enforce

Issue/Introduction

Need to backup incidents through Data Loss Prevention Enforce server

Resolution

At this time you have multiple options to backup incidents:

Option 1:

To backup the incidents from the Enforce server you can do this via the Enforce UI

1. Go to System > Incident Data > Web Archive
2. Enter an Archive name
3. Select the Report to Export (The report will contain all the incidents you requested)
4. Click on Create.
5. Verify the report was saved to the location default \<DLP_install_Directory>\Protect\Archive\<Report Name>

Note: The incidents will be saved in an easily readable HTML format. You can transfer this Web Archive to another server or archive it to any storage location

 

Option 2:

You can also use an External Storage Directory, whereby incident attachments can be stored on a disk that is external to the database.

For more details about "blob externalization", see the System Maintenance Guide for your version.

 

Option 3:

Perform a cold backup of the Symantec DLP Oracle database and restore it to another server if you need to recover an incident.

For information about performing a cold backup please refer to the DLP System Maintenance Guide.

 

Option 4:

You can export a CSV or XML version of incidents from the Enforce Console.

1. From within the Enforce Console navigate to any incident list page(Network, Endpoint or Discover).

2. Select the incident(s) that you want to export.

3. Under the "Incident Actions" dropdown select either "Export Selected: CSV" or "Export Selected: XML" to export the selected incidents in the chosen format. Your browser will prompt you to download the file.

You can also download all incidents in the current report by choosing either "Export All: CSV" or "Export All: XML" under the Export option along the bar at the top. Your browser will prompt you to download the file.

 

Option 5:

You can have Enforce email incident reports to any email address.

1. From within the Enforce Console navigate to any incident list page(Network, Endpoint or Discover).

2. Click the Send button on the bar at the top.

3. Fill out the required fields to email the incident list.

 

Option 6:

You can print an incident report list to any printer.

1. From within the Enforce Console navigate to any incident list page(Network, Endpoint or Discover).

2. Click the Print icon in the upper right hand corner of the page.

3. An image of the report appears in a browser window or tab.

4. The printer selection dialog box appears, and you can select a printer.

Additional Information

Related articles:

How to increase max number of incidents exported with Web Archiver