Storing evidence and fingerprint files

(This topic applies to MVISION DLP.) Your evidence files, registered document fingerprints, exact data fingerprints, and match highlights are stored using Amazon Simple Storage Service (Amazon S3). MVISION DLP Prevent needs to establish a connection with an existing Amazon S3 bucket for saving or downloading these files.

Enabling evidence storage is the default condition for MVISION DLP Prevent. Creating evidence storage in Amazon S3 and establishing a connection with your AWS bucket policy are the requirements, if you are enabling evidence storage in your MVISION ePO policy.

Evidence storage works as follows:

  1. The administrator configures the Amazon S3 bucket configurations in DLP Settings for uploading evidence files, match highlights, registered document fingerprints, and exact data fingerprints.
  2. After a setup connection is established, a unique AWS bucket policy is generated, which you must copy to your Amazon S3 bucket policy.
  3. Evidence files are uploaded from MVISION DLP Prevent appliance to the configured Amazon S3 bucket.
  4. You can retrieve the evidence files generated for DLP incidents from Protection Workspace of MVISION ePO.
Note: When you have reached your incidents quota limit, according to your license agreement, MVISION ePO purges incidents, starting with the oldest. Evidence files associated with these deleted incidents are kept for 90 days, and are then marked for deletion and deleted after another 90 days from your AWS S3 bucket.