Investigation Package Data Retention

Deep Discovery Analyzer can retain the investigation package data for up to 100 days, but the time can be reduced due to storage limitations.

Note:

To ensure the availability of the investigation package data, Trend Micro recommends backing up the data to an external server. For details, see Data Backup.

The following examples illustrate how storage limitations can affect the amount of time that the investigation package data is retained in Deep Discovery Analyzer.

Based on testing done by Trend Micro, the average size of the investigation package data is 8 MB. If Deep Discovery Analyzer analyzes 8000 samples per day, then the resulting investigation package data is 64000 MB.

  • After about 62 days, the 4 TB disk from Deep Discovery Analyzer 1100 is filled and the investigation package data is purged.

  • After about 62 days, the 4 TB disk from Deep Discovery Analyzer 1200 is filled and the investigation package data is purged.

If Deep Discovery Analyzer is in cluster mode, the disk space occupied per day is multiplied by the number of appliances in the cluster.

  • Using the numbers from the example above, the investigation package data for a cluster with five Deep Discovery Analyzer 1100 appliances is purged after about 12 days.

  • Using the numbers from the example above, the investigation package data for a cluster with five Deep Discovery Analyzer 1200 appliances is purged after about 12 days.