Retention policies
The following section describes the GravityZone data retention policies.
Feature | Retention policy |
---|---|
GravityZone notifications | The default retention policy is 30 days. However, you can set your own values. The maxim allowed value is 365 days. For information on how to change the default policy, please see Configuring notification settings. |
GravityZone incidents | Correlated incident data is part of the incident graphs generated by the XDR module and is available for 90 days. |
Endpoint Detection and Response (XDR) raw data | By default, raw event data (telemetry) is available for 7 days. You have the option to extend the retention period to 30 days, 90 days, or 180 days by acquiring add-ons. |
GravityZone data used for reporting | Data in GravityZone that is leveraged for reporting is available for 2 years. |
Sandbox Analyzer samples | Samples submitted to Cloud Sandbox Analyzer are deleted immediately after detonation. |
Sandbox Analyzer reports | The HTML reports using data from samples submitted to Cloud Sandbox Analyzer are available for 365 days. |
Email Security reports | Email Security report information is available for 3 months after a report has been generated from the console. After this period has passed, reports will be archived and you can access them by going to Email Security console > Analytics > Log archives. |