Video Screencast Help
Protect Your POS Environment Against Retail Data Breaches. Learn More.

Automatically delete attachments on a "Dismiss" action.

Created: 12 Jul 2013 | 3 comments
Artem's picture

Hello,

I want to delete an original message, attachments and files from incidents when I run Dismiss smart responses. But I can't use "Limit Incident Data Retention" action in the manually executed response rule.

I can delete an original message, attachments and files with the "delete incidents" action, but there is a way to do this automatically with run the smart responses?

---
Best regards, Artem.

Comments 3 CommentsJump to latest comment

kishorilal1986's picture

This feature and requiremnt noy yet developed. This is something new as per your need but this is not recommneded ro delete the attachemnet s etc. by dismissing button execution as it required for future analysis and investigation. You are trying to do this just to minimize the space but your this idea need more scope.

Artem's picture

If I have false positive incidents, I don't need any future analysis or investigation them. But I want to store these incidents for the policy optimisation.

---
Best regards, Artem.

tim.kerns's picture

Artem,

Personally, I would recommend applying certain statuses to your False Positive incidents and running a weekly query on those incident and then just manually deleting the messages.

You may be able to write a script that looks at your Oracle database and removes all messages based on status or something but I don't know how you would specify whether or not the entire message gets deleted or just portions. Always use caution when looking at database options because it's never a supported method from Symantecs eyes when throwing custom scripts at the database so I would'nt even attempt it.

Try submitting an enhancement request under the Ideas section here to get that introduced because I think it's a great idea that could save on storage in the future.