Control and limit the size of the event uploaded from the endpoint in RSA Data Loss Prevention 9.6 and later
RSA Product Set: DLP RSA Product/Service Type: Enterprise Manager, Endpoint RSA Version/Condition: 9.6 and above Platform: Windows
When DLP violations occur at DLP Endpoint, the file in violation is also uploaded along with the event details. There is advance configuration is configurable and can control and limit the DLP Endpoint event file size. The default is 5 MB. No additional violation file(s) is attached to the event zip if the overall size of the event zip exceeds the configured or default limit.
To control the overall size of the event zip. This Advanced Endpoint Configuration / Override Configurations can be changed on DLP Enterprise Manager at Endpoint page
Open DLP Enterprise Manager
Select Admin tab
Select Endpoint menu
Select Endpoint Groups
Choose the appropriate Endpoint Group from the groups' list
Select Edit to configure the selected Endpoint Group
Locate Tech Support Only section and click to expand the Advanced Endpoint Configuration.
Then add the Advanced Endpoint Configuration into Override Configuration field.
This example will limit the maximum event zip file to be 3 MB and not add further attachments to events when event zip file go beyond 3 MB