Help
FortiSIEM
FortiSIEM provides Security Information and Event Management (SIEM) and User and Entity Behavior Analytics (UEBA)
FortiKoala
Staff
Staff

Created on ‎03-01-2019 07:07 AM

Article Id 192571

Technical Note: ZoneFox 4.0 - How long is data retained in ZoneFox

Description

How long is data retained in ZoneFox


Scope

FAQ


Solution

By default the data retention periods are: 

  • 30 days for live user events – these are all events minus system events (see below)
  • 12 months for compacted user events – after the “live” threshold user events are compacted to optimise the back-end storage. Compacted data is searchable and search results can be uncompacted back to Live to gain full access to corresponding event information.
  • 7 days for system events – these are events involving resources in the following paths on Windows endpoints
    • Program Files
    • Program Files (x86)
    • Windows
    • AppData
    • Desktop.ini
 Note that any alerts, generated when an event matches a configured policy, are kept indefinitely.



Labels:
223
0 Kudos
Submit Article Idea
Contributors
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.