App Control: How to Configure Event Retention Settings
Article ID: 290076
Updated On:
Products
Carbon Black App Control (formerly Cb Protection)
Issue/Introduction
To modify the amount and or period of days to keep events within the console/database.
Environment
- App Control Console: All Supported Versions
Resolution
- Navigate to System Configuration (Gear Icon) > Events tab
- Update the values for "Delete Events Older Than" and "Delete If More Than"
- Save changes
Additional Information
- The more events kept, the more storage that is required and the longer queries can take.
- By default the App Control Server saves no more than 10 million Events and none older than 4 weeks.
- Warning: Before lowering this setting, it's recommended to discuss with a dedicated security team and consider the impact this may have in future security breaches
- Event data is deleted when either condition is met. You can configure these automatic deletion parameters based the available disk space on the SQL Server and your need for historical information. To determine the right values for your network, monitor disk space use and query time on the serve. Adjust the event database deletion parameters accordingly.
Feedback
Yes
No
Powered by
