Trend Vision One offers data retention licenses for XDR-related data.
The default data retention period for the Search and Observed Attack Techniques apps is 30 days.
You can extend the retention period to 90 days, 180 days, or one year with the purchase of the applicable license.
The XDR data retention period refers to the following:
- The length of time that Trend Vision One retains logs and during which you can find these logs using the Search app.
- The length of time that Trend Vision One retains Observed Attack Techniques events related to those logs and during which you can view these events.
XDR data retention does not include the following:
Endpoint data retention
Endpoint Security detection and activity logs include logs generated from Trend Vision One Endpoint Security as well as any connected endpoint point products like Trend Micro Apex One On-premises, Trend Micro Apex One as a Service, Deep Security, and Trend Cloud One - Endpoint & Workload Security.
To extend the retention period, purchase the endpoint data retention license.
Cloud data retention
Cloud Security detection and activity logs include logs generated from cloud sensors such as AWS CloudTrail and Amazon Virtual Private Cloud Flow Logs.
To extend the retention period, purchase the cloud data retention license.
Network extended storage
Network Security detection and activity logs include logs generated from the Virtual Network Sensor.
To extend the retention period, purchase the network extended storage license.
Data retention exclusions
This data retention period excludes:
- Workbench alerts: Default 180 days
- Forensics data:
  - Workspaces: 180 days
  - Evidence reports: 30 days
  - Timelines: 180 days
  - Scan and query results: 180 days
  - Raw package: 360 days
- Other related data such as audit logs, app data, and Attack Surface Risk Management data.
Fixed data retention
These products have a fixed data retention period that is not bound by license:
- Mobile Security including detection and activity logs: 180 days
- Email and Collaboration Security including detection and activity logs for both the Email and Collaboration Sensor and connected point products like Cloud App Security: 180 days
- Zero Trust Secure Access including detection and activity logs: 180 days
- Container Security including detection and activity logs: 30 days
- TippingPoint SMS point product detection logs only: 30 days
- Cloud One - Network Security point product detection logs only: 30 days
- Deep Discovery Inspector point product detection and activity logs: 180 days
- Trend Micro Web Security point product detection logs only: 30 days