Data Loss Prevention

  • 1.  Differences between number of incidents

    Posted Jul 10, 2018 10:38 AM

    Hello,

    I would like your assistance with this issue. In the overview list of the Enforce Console I see 2 incidents in the last 24 hours, but if I go to the list of endpoint incidents from today, it only shows 1 incident.

    Additionally, the incidents folder on the endpoint and the Enforce server is empty.

    Maybe it is an issue with version 14.6 MP1?



  • 2.  RE: Differences between number of incidents

    Posted Jul 10, 2018 11:50 AM

    Hi Tokyo,

     

    From the image you have provided, it is only showing incidents from 'Today'. To view incidents from the last 24 hours, customise your date range. To do this, hit the arrow that is next to 'Today', select 'Custom', enter your date range (07/09/2018 - 07/10/2018) and then press 'Apply'.

     

    This should now show you the 2 incidents that you have seen reported.

     

    Please mark this answer as resolved if it has solved your query,

     

    Thanks



  • 3.  RE: Differences between number of incidents

    Posted Jul 11, 2018 01:00 AM

    Hi Tokyo,

    Regarding the folder of incidents being empty, it is because when incidents are generated they do go to the incidents folder and are of type .idc. These files are processed by the IncidentPersister and stored in the DLP Database after which these files are deleted. That's the reason the incidents folder is empty.

    See the article below for further understanding (.bad files are those incidents which could not be processed and stored in the DLP Database; that's why they remain in the incidents folder):

    https://support.symantec.com/en_US/article.TECH219791.html

    Kind regards

    Muhammad Ahmad Gul



  • 4.  RE: Differences between number of incidents

    Posted Jul 30, 2018 02:22 PM

    Hello,

    Thank you for your answer, but in this case the incident folders on the endpoint and the Enforce server are empty.

    Second, if I go to the traffic page and select "Today", the number of incidents is (for example) 30, the same number as in the Overview page.

    I created a case with Symantec support, and the incidents are in the Oracle database but are not shown in the Enforce console.

    They used the following command to see the number of all incidents on all detection servers for this day: select count(*) from incident where detectiondate >= sysdate - 1;

    Restarting all the Vontu services was unsuccessful. I am still waiting for the next Webex session, but I would like to know if the same has happened to anyone.
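
The two time windows discussed in this thread ("last 24 hours" versus "Today") can be compared in one pass against the database. This is an added example, not part of any post above and not Symantec's own query. It uses only the incident table and detectiondate column quoted in the last post, and it assumes that "Today" in the console means since midnight in the database server's time zone.

```sql
-- Added example (Oracle SQL). Assumption: the console's "Today" filter
-- corresponds to TRUNC(SYSDATE), i.e. midnight on the database server.
SELECT
    COUNT(*)                                                     AS last_24h,
    COUNT(CASE WHEN detectiondate >= TRUNC(SYSDATE) THEN 1 END)  AS since_midnight,
    COUNT(CASE WHEN detectiondate <  TRUNC(SYSDATE) THEN 1 END)  AS yesterday_in_window,
    MIN(detectiondate)                                           AS oldest_in_window,
    MAX(detectiondate)                                           AS newest_in_window
FROM incident
WHERE detectiondate >= SYSDATE - 1;
```

If since_midnight matches the "Today" list in the console, the gap is explained by the date range alone. If the database count is higher than what the console lists for the same window, the difference lies in what the console displays rather than in the filter.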