Hosted EDR: Is 30 days retention guaranteed for all instances?
Article ID: 290673
Updated On:
Products
Carbon Black Hosted EDR (formerly Cb Response Cloud)
Issue/Introduction
Does Carbon Black guarantee 30 days of retention for events in Hosted EDR environments?
Environment
- Hosted EDR: All versions
Resolution
- 30 days of retention is not always guaranteed.
- The Hosted EDR environments are resourced to maintain 30 days of data assuming that endpoints are submitting reasonable amounts of data. For highly active endpoints further event filtering may need to take place in order to maintain 30 days of event retention
Additional Information
- Event retention can be increased by minimizing some incoming data through a few methods
- Adjust retention settings in sensor groups under Advanced > Retention Maximization
- In sensor group settings select Advanced > Filter known modloads
- Apply Ingress filtering for noisy events which are deemed safe
Feedback
Yes
No
Powered by
