Knowledge Base

Access official resources from Carbon Black experts

IMPORTANT ANNOUNCEMENT: On May 6, 2024, Carbon Black User eXchange (UeX) and Case Management will move to a new platform!
The Community will be in read-only mode starting April 19th, 7:00 AM PDT. Check out the blog post!
You will still be able to use the case portal to create and interact with your support cases until the transition, view more information here!

Environment

Carbon Black Cloud Console: All Versions

Question

How long are Events and Alerts able to be seen and reviewed in the Console?

Answer

Alerts and the Events linked to them are stored for 180 days.
Events not associated with any Alerts are stored for 30 days.
Watchlist hits are stored for 30 days like Events not associated with Alerts.

Additional Notes

Increased data retention is available as an add-on product through VMware Data Retention for VMware Carbon Black Cloud.
These retention settings were implemented in the August '16 release (0.18.x) of the Carbon Black Cloud Console.

Related Content

Carbon Black Cloud: Are Events able to be retrieved from the Backend when event data retention cut-o...
Cb Defense: Severity, Threat Level, Target Value, Malware Types Information
Cb Defense: How is event data categorized, identified, and formed into an Alert?
Endpoint Standard: Event ID vs Alert ID vs Threat ID

Article Information

Author:

Creation Date:

‎09-09-2020

Views:

8358

Copyright © 2005-2023 Broadcom. All Rights Reserved. The term “Broadcom” refers to Broadcom Inc. and/or its subsidiaries.