Learn about data retention for Agentic SIEM & XDR data sources, including the types of data retained, retention types, and how you can change or extend your retention period.
Connected Agentic SIEM & XDR data sources supply data used for analysis, threat hunting,
and event correlation. Data is retained using analytic retention by default, which
allows for more frequent data queries. Archival retention, used to retain data for
compliance purposes or infrequent queries, is only available if you collect the data
using a log repository.
Retained Agentic SIEM & XDR data for both Trend native and third-party products includes:
- Activity logs
- Detection logs
- Events in Observed Attack Techniques
Retained Agentic SIEM & XDR data does not include:
- Audit logs
- Application data
Trend Vision One retains Agentic SIEM & XDR-related data for a predefined or custom
retention period. The Agentic SIEM & XDR-related data retention period refers to the
following:
- The length of time the retained data can be viewed in XDR Data Explorer
- The length of time events can be viewed in Observed Attack Techniques
To extend data retention, you can allocate credits to Agentic SIEM and select retention periods for individual data sources in . Data for most data sources can be retained for up to two years. You can only change
the retention period for a data source once per day.
The following Agentic SIEM & XDR-related data sources, solutions, and capabilities
have fixed data retention periods that cannot be extended:
| Data source, solution, or capability | Data scope | Retention period |
|---|---|---|
| | | 180 days |
| | | 180 days |
| | | 180 days |
| | | 30 days |
| | | 30 days |
| | | 30 days |
| | | 180 days |
| | | 30 days |
| Forensics | | Varies by data scope |
| Workbench | | 180 days |