Data Loss Prevention

Hello,

I want to delete an original message, attachments and files from incidents when I run Dismiss smart responses. But I can't use "Limit Incident Data Retention" action in the manually executed response rule.

I can delete an original message, attachments and files with the "delete incidents" action, but there is a way to do this automatically with run the smart responses?

---
Best regards, Artem.

This feature and requiremnt noy yet developed. This is something new as per your need but this is not recommneded ro delete the attachemnet s etc. by dismissing button execution as it required for future analysis and investigation. You are trying to do this just to minimize the space but your this idea need more scope.

If I have false positive incidents, I don't need any future analysis or investigation them. But I want to store these incidents for the policy optimisation.

---
Best regards, Artem.

Artem,

Personally, I would recommend applying certain statuses to your False Positive incidents and running a weekly query on those incident and then just manually deleting the messages.

You may be able to write a script that looks at your Oracle database and removes all messages based on status or something but I don't know how you would specify whether or not the entire message gets deleted or just portions. Always use caution when looking at database options because it's never a supported method from Symantecs eyes when throwing custom scripts at the database so I would'nt even attempt it.

Try submitting an enhancement request under the Ideas section here to get that introduced because I think it's a great idea that could save on storage in the future.