Data Loss Prevention

  • 1.  Detail Persisting over 1000000 incidents can decrease database performance

    Posted Feb 26, 2014 02:42 AM

    Dear all of you,

    I'm seeking a solution for the Warning Events shown below from the Enforce Server. Can anybody help me? Thank you very much!

    Code  2316 
    Summary  Over 1000000 incidents currently contained in the database 
    Detail  Persisting over 1000000 incidents can decrease database performance



  • 2.  RE: Detail Persisting over 1000000 incidents can decrease database performance
    Best Answer

    Trusted Advisor
    Posted Feb 26, 2014 07:23 AM

    Hello,

     You can archive some incidents using web archive (you will find a lot of threads about web archive on this forum) and then delete them from the database. Just be sure to store your web archive in a safe place. You can also simply delete some incidents which were assessed as false positives.

     

     Regards.



  • 3.  RE: Detail Persisting over 1000000 incidents can decrease database performance

    Trusted Advisor
    Posted Feb 27, 2014 02:06 PM

    Hoang,

     

    The error is saying that you have over 1000000 incidents in the DLP system. That is a LOT of incidents to keep.

    You should be deleting these incidents over time. The idea is to keep incidents in the system that are needed for legal purposes over a period of time. Most of my customers do not keep incidents in the system over 1 to 2 years and will delete them from the system completely. The ONLY ones to keep are the ones that are under investigation or are needed for legal purposes.

    The system is giving you this warning because reports will take longer to run, and it can impede the performance of the reporting aspect of the console.

     

    Hope this makes sense.

    If this solves your question, please mark as solved.

    Ronak

     



  • 4.  RE: Detail Persisting over 1000000 incidents can decrease database performance

    Posted Mar 04, 2014 01:52 AM

    Dear Ronak and Stephane,

     

    Thank you very much for your solutions. Yes, I think so. However, I don't know which useful Oracle SQL commands I should use here to back up old incidents. Could you please show me in more detail, step by step?

    Thank you very much in advance :)

     



  • 5.  RE: Detail Persisting over 1000000 incidents can decrease database performance

    Trusted Advisor
    Posted Mar 04, 2014 07:04 AM

    Hello,

     

     You should use the DLP UI to do it, because incidents are stored encrypted in the DLP database, so if you want to keep track of them it is better to do it via the DLP UI.

    In the menu System / Incident Data / Web Archive you are able to define an archive name and use a report to select the incidents you want to extract (so you have to define a report beforehand), and then click on Create. This will archive your incidents (if you have a lot, it could take a lot of time and also a huge disk volume). This web archive is created on the Enforce server in the directory "Archive".

     Then you can use the report previously used to define your archive content, click on "select all", then select "Delete Incident" in the "incident actions" dropbox.

     

     Regards.



  • 6.  RE: Detail Persisting over 1000000 incidents can decrease database performance

    Posted Mar 06, 2014 04:52 AM

    Hello,

    It's great. With over 1,000,000 incidents, it will take a long time to finish :(. I hope the incoming version 12.xx will have a better way to manage incidents.

    Anyway, thank you very much for your help.