hi
you could access incident history information (which contains all statuses update) in two different ways :
- Reporting API : web services which has a specific method to access history information (first you need to find interesting incidentIDs then you will request history information for these IDs)
- XML extract which could be obtained manually or automatically if you are able to simulate browsing in DLP UI.
accessing information directly into database is always possible but symantec could change database schema in any version so you will have to redo your report.
regards