Overview of Forcepoint databases

Note:

Applies to:

  • Forcepoint Web Security and Forcepoint URL Filtering, v8.5.x
  • Forcepoint DLP, v8.5.1, v8.6.x, v8.7.x, v8.8.x, v8.9.x, v9.0, v10.x
  • Forcepoint Email Security, v8.5.x
  • Forcepoint appliances, v8.5.x

The on-premises Forcepoint security solutions use a variety of databases for different purposes: configuration information, reporting data, URL categorization, fingerprinting, and forensics. Several data formats are used, including SQL Server, PostgreSQL, and Forcepoint proprietary formats.

These databases include:

Database Description
Reporting Databases

Web, data, and email security products

SQL Server databases that store reporting and logging data for individual Forcepoint security products. The Data reporting database also stores configuration data.

See Understanding the reporting databases.

Settings Database

Web, data, and email security products

PostgreSQL database that stores global configuration and infrastructure settings that affect all Forcepoint Security Manager modules. It is installed automatically on the Forcepoint management server and requires no administrator configuration.

Forcepoint URL Database

Web products only

Proprietary database that contains URL categories and protocol definitions, as well as supporting information, such as risk class groupings.

A copy of the URL Database resides on each Filtering Service machine. By default, a full update is performed daily. Incremental updates can occur much more frequently if they are enabled on the Web > Settings > General > Database Download page in the Forcepoint Security Manager.

See Administrator Help for your web protection solution for further details.

RTM Database

Web products only

Holds and organizes filtering data for display in Real-Time Monitor. This is an independent database (not hosted on SQL Server) installed with each RTM Client and RTM Server instance.

Administrators can specify when Real-Time Monitor captures data on the Web > Settings > Reporting > Preferences page in the Forcepoint Security Manager. No other aspect of database behavior is configurable.

Web Forensics Database

Forcepoint Web Security only

Stores details about files that may be associated with advanced malware threat activity in your network.

Enable or disable the forensics repository and configure its location and size on the Web > Settings > Reporting > Dashboard page in the Forcepoint Security Manager.

See “Configuring Dashboard reporting data” in the Administrator Help for your web protection solution for details.

Data Fingerprint Database

Forcepoint DLP only

Stores data security fingerprints.

See Data Fingerprint Database.

Data Forensics Database

Forcepoint DLP only

Contains information about DLP and discovery transactions that resulted in incidents, such as the contents of an email body, including the From:, To:, and Cc: fields, as well as actual attachments. Transactions can also include web posts, endpoint operations, and discovered as well as other events. For transactions that occurred on a web channel, the forensics might include the URL category property.

Configure the size and location of the forensics repository in the Data Security module of the Forcepoint Security Manager. Navigate to the Settings > Deployment > System Modules page and click Forensics Repository under the management server.