8.3.3 Precautions

You use the utility to rid the system of falsely-generated matches and alerts. Other than recorded information in the <INSTALL_DIR>/database/db_tools/logs/ Alert_Purge.log file, the system does not capture audit information for this process. The utility does not update other alerts' prior counts as a result of purging alerts.

Note:

You cannot purge an alert that is used to trigger Auto Suppression. You can tell if an alert ID is used to trigger Auto Suppression by looking at the kdd_auto_suppr_alert.trgr_alert_id column to see if it contains the alert ID in question. If so, you have to delete the record before attempting to purge the alert.

Run the Alert Purge Utility:

• Through one process at a time. Multiple, simultaneous executions of the utility may lead to unexpected results and compromise the relational integrity of match, alert, and action data.
• When no users are editing or viewing any of the alerts, actions, or associated information (including matches derived from the alerts and actions specified, alerts derived from the specified actions, and actions derived from the specified alerts). However, you can run the utility during editing or viewing of other alerts and related information. You can also run the utility during alert post-processing, subject to time constraints.