The database for Symantec Data Loss Prevention (DLP) does not automatically delete incidents, and continues to grow in size over the life of the deployment.
Once the data retention period has elapsed for your security policy, you can delete the old incidents. This helps free space in the database and improve system performance.
Log in to the DLP Enforce console.
Click the Incidents tab, and go to Incidents All.
Choose the appropriate date range to list old incidents. You may customize them in the Filter section; ensure that the Status is correct.
Click Apply, and confirm that the resulting list matches your intended results.
Manually select the incidents to delete, or click Select All. Then under the Incident Actions tab, choose Delete Incidents. The incidents are now marked for removal, and will be removed when the daily task for deletion executes.
To remove the incidents immediately, go to the System tab > Incident Data > Incident Deletion. You will see all the Incidents in the queue that need to be deleted. You may then schedule a deletion time and start deletion.
WARNING: Deleting incidents from the Oracle database is permanent, and cannot be reversed.
Subscribing will provide email updates when this Article is updated. Login is required.