Archiving Forcepoint DLP Incident Data
To free storage space for new incidents and forensics records, older records can be moved to an archive partition.
This can either be done manually (see Manual archiving) or via an automatic process triggered when a certain threshold is reached (see Automatic archiving).
Each archive partition contains records for a 91-day interval. Up to 25 accessible partitions (6 years and 1 month) are supported, stored in the following groups: Active, Online, Restored, and Archived.
| Partition type | Microsoft SQL Server Standard or Enterprise | SQL Server Express |
| Active | 1 partition (current quarter) | 1 partition (current quarter) |
| Online | up to 8 partitions (2 years) | up to 4 partitions (1 year) |
| Restored | up to 4 partitions (1 year) | up to 4 partitions (1 year) |
| Archived | up to 12 partitions (3 years) | up to 12 partitions (3 years) |
| Total | 25 | 21 |
- View and manage partitions on the page in the Forcepoint Security Manager.
- Manage the size of the forensics repository on the page. Select the repository to configure its properties, including its maximum size.
- Manage the size of the archive folder on the page.