Video Screencast Help

Incident Data Dump from Oracle

Created: 03 Oct 2013 | 8 comments

We are looking to get an incident detail dump from the back end Oracle. Support has said that only possibility is using the API, but we dont want to spend considerable time doing it. So if anyone had luck building a sql query or likewise would like to share the same, it would be great.



Operating Systems:

Comments 8 CommentsJump to latest comment

Jsneed's picture

The easiest way to do this is through the interface using the XML option. 

SaVijayan's picture

Do you mean without using the API? You mean the web archive option? 

stephane.fichet's picture


 normally it is not (for security reason) possible to access incident content through database export. But depends on which information you really need (message content ? attachment ? incident notes/history ? other ?)

The best way to do it is :

- a webarchive : it will export in archive directory on enforce server all incident processing information (history, notes,...) and also email content (as an eml file and a list of attachment). Just create a report with your incident and in system/webarchive you can create it. Be sure to dont let it store on your enforce server as all admin can access this directory.

- an xml export of the incident : not so easy to read if you need to send it like that to an external party.

- a csv export : does not contains lot of information (no message content) but easy to do and to use

from my knowledge using web service API wont allow you to export message content (and it is available only from 11.6)


SaVijayan's picture

Thanks Stephanie, the information received via csv somehow seems limited. It doesnt capture history, notes and also reviewer information and status changes which can be also used for SLA reporting.

I was hoping to get all that information in one place. I definitely dont need the actual attachment, bt only information on what was triggered in certain cases were keywords are used in policies. It high lights in the incident, but doesnt store that information. 

The web archving seems to export the actual attachments as well and creates an html file. The html filesare not very handy. I will try to iimport into excel and see if that helps though. Mine is currently running.

I was hoping that someone found a way to query the db and get this.

Jsneed's picture

If you do the same export you did with the CSV and choose the XML option you will get more of the data.  You will get things like what was matched on ect.  This is the easiest way I know of to do this.

stephane.fichet's picture

I used to export xml to and process it with external script in order to use note and history cause xml export by itsef is not so readable. I use that for SLA, control that people involved in incident assessment didnt hide or miss a real data leakage,... But you also have access to keywords which match your message and generate the incident.

 So if i understand your goal, you need to use xml export and process it.

yang_zhang's picture

I think you can use Web Archive to dump the incident data.

If a forum post solves your problem, please flag it as a solution. If you like an article, blog post or download vote it up.
Denis Kattithara 1's picture

DLP Incidents stored in the Oracle db are encrypted. These are intentionally encrypted so that information about Data Loss Incidents cannot be stolen/accessed by unauthorized personnel.

Web archive is a good option, but will not show incident attachments.