Search the MangeEngine site:  
 

Help Center

Quick Start

File Auditing

File Analysis

Data Risk Assessment

Endpoint DLP

Cloud Protection

General settings

Policy Configuration

Release notes

Troubleshooting

Guides

Third-party software Contact us

Restore archived endpoint events

Once endpoint events have been archived, they will not be readily available in reports. However, you can browse through available archives, load the required files back to the database, and restore the data to the UI for analysis or reporting.

The loaded data will be unloaded automatically after a user-specified number of days.

Viewing archived folders

Archived folders will be listed in the Endpoint DLP module's Configuration tab. To view archived folders, follow these steps:

  • Select Endpoint DLP from the applications drop-down.
  • Navigate to Configuration > Storage Management > Restore Archived Events.
  • Enter the period for which you want to view archives, and select the event category from the drop-down.
  • The relevant archive files will be listed in the table, along with details on their location, which period's audit data they contain, and their size.
  • You can also see the number of files in different archive stages and filter the table based on it. The different filters you can use are:
    • All archive files: Lists every archive—both loaded and unloaded—in the selected report category.
    • Loaded files: Lists archives that have been temporarily loaded to the database. These can be viewed in reports by entering the appropriate time range in the Period filter.
    • Unloaded files: These are files that aren't currently loaded to the database.
    • Loading/unloading files: These are files that are in the process of being loaded or unloaded.
  • On the right pane, you can see the total size of all archive folders, and list them by clicking the All Folders List link.
  • The resulting All Archive Folders pop-up will show the current archive folder as well as previous archive locations and their sizes on disk. To include folders that are empty or have been deleted, toggle the Archive Folders button to the ON position.

Loading archived events

When you need to review older audit data for a particular business or regulatory requirement, you can simply load the older archive files back to the active database. This allows you to view those events on the console by selecting the appropriate time range in the Period menu of the Endpoint DLP module's reports.

To load archived folders, follow these steps:

  • Go to Endpoint DLP > Configuration > Storage Management > Restore Archive Events.
  • From the table, select the archive files containing the audit data from the time range you want to analyze or report on.
  • Click the Load icon.

Unloading events

Loaded data will be unloaded automatically after a user-specified number of days. This just means that it will be moved back to cold storage and can be reloaded whenever necessary. The number of days after which unloading will be done automatically can be specified by navigating to Endpoint DLP > Configuration > Storage Management > Restore Archive Events and modifying the corresponding value in the top-right corner.

In case you wish to unload files manually, follow these steps:

  • Go to Endpoint DLP > Configuration > Storage Management > Restore Archive Events.
  • From the table, select the archive files containing the audit data you want to remove from the console.
  • Click the Unload icon.

Topics in this page:

Don't see what you're looking for?

  • Visit our community

    Post your questions in the forum.

     

  • Request additional resources

    Send us your requirements.

     

© 2024 Zoho Corporation Pvt. Ltd. All rights reserved.