customer found that there are events being marked as deleted in DLP automatically, and as a consequence, the events and incidents associated with them are not visible in EM

When customer first view the incidents, all the details are blank (protocol, email sender, receipent etc).

When customer close the console and try to view the incident the second time, the incident is gone. Then customer also tries to find this event associated with the incident, but the event is also gone

Thus, we look through the DB to study more on this. We look at I_INCIDENT and found this incident and saw that it has being flagged as deleted. We then cross reference this incident with the associate event, and found that in the E_ABSTRACT_EVENT table that the event has also being flagged as deleted

 Furthermore, when customer first view this incident, it also shows the attachment as quarantine.

This was due to human error.

To clarify this again, if there are 2 users looking at the list of incidents together, and one of them decided to delete a incident, then when the second user tries to view that incident, all the details will goes blank and it will give a warning saying this email has being quarantined