Views:
Trend Vision One offers data retention licenses for XDR-related data:
The default period for these apps is 30 days of data retention for Search and Observed Attack Techniques. You can extend the retention period to 90 days, 180 days, or one year with the purchase of the applicable license.
The XDR data retention period refers to the following:
  • The length of time that Trend Vision One retains logs and during which you can find these logs using the Search app.
  • The length of time that Trend Vision One retains Observed Attack Techniques events related to those logs and during which you can view these.
XDR data retention does not include the following:

Endpoint data retention

Endpoint Security detection and activity logs includes logs generated from Trend Vision One Endpoint Security as well as any connected endpoint point products like Trend Micro Apex One On-premises, Trend Micro Apex One as a Service, Deep Security, and Trend Cloud One - Endpoint & Workload Security.
To extend the retention period, purchase the endpoint data retention license.

Cloud data retention

Cloud Security detection and activity logs includes logs generated from cloud sensors such as AWS CloudTrail and Amazon Virtual Private Cloud Flow Logs.
To extend the retention period, purchase the cloud data retention license.

Network extended storage

Network Security detection and activity logs includes logs generated from the Virtual Network Sensor.
To extend the retention period, purchase the network extended storage license.

Data retention exclusions

This data retention period excludes:
  • Workbench alerts: Default 180 days
  • Forensics data:
    • Workspaces: 180 days
    • Evidence reports: 30 days
    • Timelines: 180 days
    • Scan and query results: 180 days
  • Raw package: 360 days
  • Other related data such as audit logs, app data, and Attack Surface Risk Management data.

Fixed data retention

These products have a fixed data retention period which is not bound by license: