Knowledge Base

Yes

Environment

Carbon Black Cloud Console: All Versions
Endpoint Standard (Formerly CBD): All supported Versions
EEDR (Formerly CBTH): All Supported Versions

Question

Are Events able to be retrieved from the Backend when event data retention cut-off date has been hit?

Answer

No - Once an Event (Alerted or non-Alerted) passes the data retention limit for the org, it is no longer available and gets purged from the backend entirely

Additional Notes

Endpoint Standard: Alert Events (those with an AlertID) are stored for 180 days if they are associated with an alert, 30 days otherwise
EEDR: Events are stored for 30 days
In ES + EEDR orgs, the Investigate and Process Analysis page are working off the 30 day store that EEDR uses, so data retention is lowered

Knowledge Base

Carbon Black Cloud: Are Events able to be retrieved from the Backend when event data retention cut-off date has been hit?

Carbon Black Cloud: Are Events able to be retrieved from the Backend when event data retention cut-off date has been hit?

Environment

Question

Answer

Additional Notes

Related Content

Carbon Black Cloud

Endpoint Standard

Knowledge Base

Carbon Black Cloud: Are Events able to be retrieved from the Backend when event data retention cut-off date has been hit?

Carbon Black Cloud: Are Events able to be retrieved from the Backend when event data retention cut-off date has been hit?

Environment

Question

Answer

Additional Notes

Related Content

Carbon Black Cloud

Endpoint Standard

Thank you for your feedback.

Thank you for your feedback.