

Retention policies

The following section describes the GravityZone data retention policies.


Retention policy

GravityZone notifications

The default retention policy is 30 days. However, you can set your own values. The maximum allowed value is 365 days. For information on how to change the default policy, please see Configuring notification settings.

GravityZone incidents

Correlated incident data is part of the incident graphs generated by the XDR module and is available for 90 days.

Endpoint Detection and Response (XDR) raw data

By default, raw event data (telemetry) is available for 7 days. You have the option to extend the retention period to 30 days, 90 days, or 180 days by acquiring add-ons.

GravityZone data used for reporting

Data in GravityZone that is leveraged for reporting is available for 2 years.

Sandbox Analyzer samples

Samples submitted to Cloud Sandbox Analyzer are deleted immediately after detonation.

Sandbox Analyzer reports

The HTML reports using data from samples submitted to Cloud Sandbox Analyzer are available for 365 days.

GravityZone Security for Email reports

GravityZone Security for Email report information is available for 3 months after a report has been generated from the console. After this period has passed, reports will be archived and you can access them by going to GravityZone Security for Email console > Analytics > Log archives.