Learn about data retention for Agentic SIEM & XDR data sources, including the types of data retained, retention types, and how you can change or extend your retention period.
Connected Agentic SIEM & XDR data sources supply data used for analysis, threat hunting,
and event correlation. Data is retained using analytic retention by default, which
allows for more frequent data queries. Archival retention, used to retain data for
compliance purposes or infrequent queries, is only available if you collect the data
using a log repository.
Trend Vision One retains Agentic SIEM & XDR-related data for a set predefined or custom
retention period. The Agentic SIEM & XDR-related data retention period refers to the
following:
- The length of time the retained data can be viewed in XDR Data Explorer
- The length of time events can be viewed in Observed Attack Techniques
Data retention for Agentic SIEM & XDR data, including Trend native and connected third-party
data, can be extended beyond the set retention period. When you extend the data retention
period, the retained data includes:
- Activity logs
- Detection logs
- Events in Observed Attack Techniques
Data from Workbench has a fixed retention period of 180 days, but you may extend the
retention period if needed by contacting your support provider.
To extend data retention, you can allocate credits to Agentic SIEM and select retention periods for individual data sources in . Data for most data sources can be retained for up to two years. You can only change
the retention period for a data source once per day.
The following Agentic SIEM & XDR-related data sources, solutions, and capabilities
have fixed data retention periods that cannot be extended:
| Data source, solution, or capability | Data scope | Retention period |
|---|---|---|
| | | 180 days |
| | | 180 days |
| | | 30 days |
| | | 30 days |
| | | 30 days |
| | | 180 days |
| | | 30 days |
| Forensics | | Varies by data scope |
| Workbench | | 180 days |