You run the default Purge rule "Set maximum number of Data in-use/motion incidents to 5,000,000" for "Data in-use/motion" Incidents. The first 5,000,000 events are retained in the Incident List table and other incidents are deleted. 

Example:
Consider that the DLP Incident Manager, Incident List has 10,000,000 Incidents, where the first Incident ID is 1 and the last Incident ID is 10,000,000. If the default Purge rule "Set maximum number of Data in-use/motion incidents to 5,000,000" for "Data in-use/motion" Incidents is run, the Incidents from Incident ID 1 to Incident ID 5,000,000 get deleted. The Incidents from Incident ID 5,000,001 to Incident ID 10,000,000 are retained. 

The deleted Incidents can still be found in the DLP Incident Manager, Incident History section. You can access all retained and deleted incidents (Incident ID 1 to Incident ID 10,000,000) in the Incident History section. The DLP Incident Manager, Incident List, and the DLP Incident Manager, Incident History are two different tables that capture the incidents. DLP is designed to retain all DLP Incidents in the DLP Incident History table for audit purposes. You can create a purge rule for DLP Incidents in the Incident History table, according to your organization's requirement.

NOTE: The default Purge Rule "Set maximum number of Data in-use/motion incidents to 5,000,000" for "Data in-use/motion" Incidents can't be disabled.