Forcepoint DLP databases
Administrator Help | Forcepoint DLP | Version 8.5.x
Forcepoint DLP has 2 databases for incident and forensics data:
The incident database contains information about policy breaches, such as which rule was matched, how many times, what the violation triggers were, and the date, channel, source, ID, and more. It is stored in Microsoft SQL Server along with policy configuration data.
When the incident database gets very large, it is partitioned so that it can be archived onto different physical disks. See Archiving incident partitions.
The forensics repository contains information about the transaction that resulted in an incident, such as the contents of an email body and the From, To, and Cc fields, as well as attachments, URL category, hostname, file name, and more.
To configure the size and location of the forensics repository, see Configuring the forensics repository.
Both incident data and forensics data are displayed in the "Incidents, Last n days" report.
Copyright 2017 Forcepoint. All rights reserved.