We’re currently upgrading our Windows 2012 detection servers to Windows 2019 – this is the vast majority of boxes, including eventually Enforce.

For the detection servers we are trying to keep FQDN & IPs the same, particularly in the case of the Endpoint boxes where the EP clients reference FQDNs in their respective configs.

What is the best way to remove the “old” servers from the console when there may be thousands of incidents associated with them, how do we manage those incidents?
We have tried to keep the respective IPs & FQDNs the same on the old and new boxes but is this the best approach; I’m wondering whether this creates any issues on the console with the existing legacy incidents?

Release : 15.x,16.x

Removing/deleting or replacing the detection servers does not impact the current incidents stored in the database; they should remain intact and unaffected. You don't need to do anything with those incidents.