The Symantec Data Loss Prevention (DLP) database does not automatically delete incidents, and continues to grow in size over the life of the deployment.
Once the data retention period has elapsed for your security policy, you can delete the old incidents to free space in the database and improve system performance.
Following steps can be implemented:
Login to the DLP Enforce Console, Click 'Incidents' Tab and go to 'Incidents All'.
Chose the appropriate date range to list old incidents. You may customize them in the 'Filter' section and make sure the 'Status' is correct. Click 'Apply', and confirm the resulting list matches your intended results.
Manually select the incidents to delete, or 'Select All' and Under 'Incident Actions' Tab - chose 'Delete Incidents'. This will mark the selected incidents for Deletion.
The incidents are now marked for removal, and will be removed when the daily task for deletion executes.
To remove the incidents immediately, Go to 'System' Tab - 'Incident Data' - 'Incident Deletion' option. You will see all the Incidents in queue that need to be deleted. You may Schedule a deletion time and Start Deletion.
NOTE: Once the Incidents are deleted from the Oracle Database, It's a permanent operation, and cannot be reversed.
Subscribing will provide email updates when this Article is updated. Login is required.