Content incident folders contain incidents of the messages that violate a policy's conditions. Information about incidents can help you understand, prevent, respond to, and audit potential violations. For example, you can use an incident folder to monitor content filtering policy violations at your company before you adopt permanent policies.
Content incident folders store the incidents that let you do the following:
Monitor incidents in informational incidents folders
You can monitor the incidents that occur, but you do not have to act on them.
You must create a content filtering policy in which at least one action is to create an informational incident in the folder that you specify. If a policy violation occurs, an incident is created in that informational incidents folder for you to review at your convenience.
Hold incidents for review and remediation in quarantine incidents folders
You can hold messages in a quarantine incident folder for you to review and determine the action that you want to take.
The content filtering officer can perform any of the following tasks:
Approve the incident.
Reject the incident.
Perform a custom action.
Delete the incident.
You must create a policy in which at least one action is to create a quarantine incident in the folder that you specify. If a policy violation occurs, an incident is created in that folder for your review and action.
Messages that are held in content incident folders remain there until they are remediate or expunged by the Expunger.