Incident archiving lets you flag specified incidents as "archived." Because these archived incidents are excluded from normal incident reporting, you can improve the reporting performance of your Symantec Data Loss Prevention deployment by archiving any incidents that are no longer relevant. The archived incidents remain in the database; they are not moved to another table, database, or other type of offline storage.
You can set filters on incident reports in the Enforce Server administration console to display only archived incidents or to display both archived and non-archived incidents. Using these reports, you can flag one or more incidents as archived by using the Archive options that are available when you select one or more incidents and click the Incident Actions button. The Archive options are:
- Archive Incidents - Flags the selected incidents as archived.
- Restore Incidents - Restores the selected incidents to the non-archived state.
- Do Not Archive - Prevents the selected incidents from being archived.
- Allow Archive - Allows the selected incidents to be archived.
The archive state of an incident displays in the incident snapshot screen in the Enforce Server administration console. The History tab of the incident snapshot includes an entry for each time the Do Not Archive or Allow Archive flags are set for the incident.
Access to archiving functionality could also be controlled by roles. You can set the following user privileges on a role to control access:
- Archive Incidents - Grants permission for a user to archive incidents.
- Restore Archive Incidents - Grants permission for a user to restore archived incidents.
- Remediate Incidents - Grants permission for a user to set the Do Not Archive or Allow Archive flags.