Deep Discovery Analyzer can retain the investigation
package data for up to 100 days, but the time can be reduced due to storage limitations.
|
Note
To ensure the availability of the investigation package data, Trend Micro recommends backing up the data to an
external server. For details, see Data Backup.
|
The following examples illustrate how storage limitations can affect the amount of
time that
the investigation package data is retained in Deep Discovery Analyzer.
Based on testing done by Trend Micro, the average size of the investigation package data is 8 MB. If Deep Discovery Analyzer analyzes 8000 samples per day, then the resulting investigation package data is 64000
MB.
-
After about 31 days, the 2 TB disk from Deep Discovery Analyzer 1000 is filled and the investigation package data is purged.
-
After about 62 days, the 4 TB disk from Deep Discovery Analyzer 1100 is filled and the investigation package data is purged.
-
After about 62 days, the 4 TB disk from Deep Discovery Analyzer 1200 is filled and the
investigation package data is purged.
If Deep Discovery Analyzer is in cluster mode, the disk space occupied per day is multiplied by the number of
appliances in the cluster.
-
Using the numbers from the example above, the investigation package data for a cluster
with five Deep Discovery Analyzer 1000 appliances is purged after about 6 days.
-
Using the numbers from the example above, the investigation package data for a cluster
with five Deep Discovery Analyzer 1100 appliances is purged after about 12 days.
-
Using the numbers from the example above, the investigation package data for a
cluster with five Deep Discovery Analyzer 1200
appliances is purged after about 12 days.