This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

Alerts retention duration in Cortex XDR

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

Alerts retention duration in Cortex XDR

Go to solution
rediaz
L0 Member

‎07-21-2022 01:31 AM

Hi !

Does anyone know how long alerts/incidents will be visible in Cortex XDR ?

In our tenant we have alerts older than 1 year and I was wondering if they disappear after some time or if they will be accessible forever but I can't find this information anywhere.

 

Thanks

0 Likes Likes
1 accepted solution

Accepted Solutions

Go to solution
bbarmanroy
L5 Sessionator

‎07-21-2022 02:43 AM

By default, Cortex XDR will store a minimum of 30 days for EDR data as stated in the documentation here.

 

There is no enforcement for alerts wrt time right now. Instead,  it depends on the count of alerts (in millions). They will eventually disappear based on the number of alerts generated in the system, in a FIFO format. If there are regulatory/compliance requirements to store data, there are hot storage and cold storage SKU's to ensure data storage depending on the use case.

 

You can take a look at the Dataset Management table to see the current range of the data.

 

 

bbarmanroy_0-1658396070105.png

 

View solution in original post

0 Likes Likes
1 REPLY 1

Go to solution
bbarmanroy
L5 Sessionator

‎07-21-2022 02:43 AM

By default, Cortex XDR will store a minimum of 30 days for EDR data as stated in the documentation here.

 

There is no enforcement for alerts wrt time right now. Instead,  it depends on the count of alerts (in millions). They will eventually disappear based on the number of alerts generated in the system, in a FIFO format. If there are regulatory/compliance requirements to store data, there are hot storage and cold storage SKU's to ensure data storage depending on the use case.

 

You can take a look at the Dataset Management table to see the current range of the data.

 

 

bbarmanroy_0-1658396070105.png

 

0 Likes Likes
  • 1 accepted solution
  • 3208 Views
  • 1 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2024 - Palo Alto Networks