Data Loss Prevention

 View Only

  • 1.  Incident

    Posted Nov 26, 2017 06:25 AM

    Hello

    I've a few questions :

    what is the average size of incidents after creation on network discover ?

    how many incidents can be put in a queue before sending to the enforce ?

    what can we adjust to make the network discover wait before sending the incident ?

     



  • 2.  RE: Incident

    Trusted Advisor
    Posted Nov 27, 2017 07:38 AM

    hello

     

     by default discover incident does not contains original file so they are very light (if you have added a response rule to copy attachment there size will be bigger).

    you could not set a timer to send incident from discover to enforce, if you really need incident to be kept at discover level, you could try to block communication between enforce and discover (or shut down your enforce if possible) but dont sure it is a good idea. Is there any specific reason for you to want to keep incident on discover server ?

    regards