Data retention tab

The Configuration: Data retention tab is available for the Analyst, Manager, or All-In-One (Pinbox). It is divided into two sections and includes the following options:

Database retention

Appliance log

Configure the number of months of appliance log data to retain. This includes appliance logs and metrics that are visible in the Monitoring logs tab. The allowed range is 1 to 22 months. Enter a value or click the increment/decrement icon to change the value. Click the checkbox icon to set the retention value to Unlimited. If you have changed the value, click the Default button to reset it.

Endpoint detection

Configure the number of months of endpoint detection data to retain. This includes data about detection of threats on network endpoints. The allowed range is 1 to 22 months. Enter a value or click the increment/decrement icon to change the value. Click the checkbox icon to set the retention value to Unlimited. If you have changed the value, click the Default button to reset it.

Mail detection

Configure the number of months of mail detection data to retain. This includes data about detection of threats in emails. The allowed range is 1 to 22 months. Enter a value or click the increment/decrement icon to change the value. Click the checkbox icon to set the retention value to Unlimited. If you have changed the value, click the Default button to reset it.

Network detection

Configure the number of months of network detection data to retain. This includes data about detection of threats on the network. The allowed range is 1 to 22 months. Enter a value or click the increment/decrement icon to change the value. Click the checkbox icon to set the retention value to Unlimited. If you have changed the value, click the Default button to reset it.

Network detection metadata

Configure the number of months of network detection metadata data to retain. This includes additional metadata about detection of threats on the network. The allowed range is 1 to 22 months. Enter a value or click the increment/decrement icon to change the value. Click the checkbox icon to set the retention value to Unlimited. If you have changed the value, click the Default button to reset it.

Network log

Configure the number of months of network log data to retain. This includes logs about network activity on the monitored network. It is recommended to keep this retention setting to a low number as this data can grow quickly. The allowed range is 1 to 22 months. Enter a value or click the increment/decrement icon to change the value. Click the checkbox icon to set the retention value to Unlimited. If you have changed the value, click the Default button to reset it.

Network analysis

Configure the number of months of network analysis data to retain. This includes information about the monitored network extracted by Network Analysis. The allowed range is 1 to 22 months. Enter a value or click the increment/decrement icon to change the value. Click the checkbox icon to set the retention value to Unlimited. If you have changed the value, click the Default button to reset it.

Network analysis log

Configure the number of months of network analysis log data to retain. This includes logs of network activity collected by Network Analysis. It is recommended to keep this retention setting to a low number as this data can grow quickly. The allowed range is 1 to 22 months. Enter a value or click the increment/decrement icon to change the value. Click the checkbox icon to set the retention value to Unlimited. If you have changed the value, click the Default button to reset it.

Packet capture retention

Network PCAPs

Configure the number of days for retaining packet capture (PCAP) data. Enter a value or click the increment/decrement icon to change the value. If you have changed the value, click the Default button to reset it. The default retention for the On-Premises deployment is 183 days and is configurable. The default retention for the Hosted deployment is 30 days and is not configurable.

Analysis artifacts retention

Analysis results

Configure the number of days for retaining analysis reports. This includes detailed analysis results, such as the sandbox reports (or any metadata files, such as screenshots of network traffic captures), allowing you to limit the disk space used by these results. The default is Unlimited. Enter a value or click the increment/decrement icon to change the value. Click the checkbox icon to set the retention value to Unlimited. If you have changed the value, click the Default button to reset it.

When you are done, click the Save and deploy button to enable your changes. Otherwise click Cancel to discard any changes.

If you have not made any changes, click the Retrigger configuration button to reload the appliance configuration.

Click Back to appliance list to return to the Overview tab