Carbon Black Cloud: Are Events able to be retrieved from the Backend when event data retention cut-off date has been hit?

Environment

  • Carbon Black Cloud Console: All Versions
  • Endpoint Standard (Formerly CBD): All supported Versions
  • EEDR (Formerly CBTH): All Supported Versions

Question

Are Events able to be retrieved from the Backend when event data retention cut-off date has been hit?

Answer

No. Once an Event (alerted or non-alerted) passes the data retention limit for the org, it is purged from the backend entirely and is no longer available.

Additional Notes

  • Endpoint Standard: Events associated with an alert (those with an AlertID) are stored for 180 days; all other events are stored for 30 days
  • EEDR: Events are stored for 30 days
  • In orgs with both Endpoint Standard and EEDR, the Investigate and Process Analysis pages work off the 30-day store that EEDR uses, so data retention is lowered

Creation Date: 07-08-2021