logo

Knowledge Base

Access official resources from Carbon Black experts

IMPORTANT ANNOUNCEMENT: On May 6, 2024, Carbon Black User eXchange (UeX) and Case Management will move to a new platform!
The Community will be in read-only mode starting April 19th, 7:00 AM PDT. Check out the blog post!
You will still be able to use the case portal to create and interact with your support cases until the transition, view more information here!

Hosted EDR: Is 30 days retention guaranteed for all instances?

Hosted EDR: Is 30 days retention guaranteed for all instances?

Environment

  • Hosted EDR: All versions

Question

Does Carbon Black guarantee 30 days of retention for events in Hosted EDR environments?

Answer

  • 30 days of retention is not always guaranteed.
  • The Hosted EDR environments are resourced to maintain 30 days of data assuming that endpoints are submitting reasonable amounts of data. For highly active endpoints further event filtering may need to take place in order to maintain 30 days of event retention

Additional Notes

  • Event retention can be increased by minimizing some incoming data through a few methods
    • Adjust retention settings in sensor groups under Advanced > Retention Maximization
    • In sensor group settings select Advanced > Filter known modloads
    • Apply Ingress filtering for noisy events which are deemed safe

Related Content


Labels (1)
Labels:
Tags (2)
Was this article helpful? Yes No
No ratings
Article Information
Author:
CB_Support
Creation Date:
‎12-09-2021
Views:
409
Contributors
logo

Copyright © 2005-2023 Broadcom. All Rights Reserved. The term “Broadcom” refers to Broadcom Inc. and/or its subsidiaries.