Skip to main content

Cloud-delivered Advanced AnalyticsExabeam Advanced Analytics Administration Guide

Data Retention in Advanced Analytics

Advanced Analytics retains both event log and session data for limited periods of time. Retention times depend on the retention categories and the time periods defined in your purchased license.

Data in Advanced Analytics is divided into the following retention categories:

  • Raw logs. The original event logs sent to Advanced Analytics.

    Note

    Your Event Selection policy determines which event logs are sent to Advanced Analytics.

  • Enriched events. The event logs created by Advanced Analytics when the raw logs are received and enriched with contextual data.

    Note

    Until a raw event log is purged from the system, you can view the event in both its original and enriched forms.

  • Events that triggered rules. Enriched events that have triggered or helped to trigger one or more rules.

  • User and Asset Sessions. The containers that Advanced Analytics creates for both users and assets to represent the different timeframes of the enriched events attributed to them. Sessions are retained for the same amount of time as the enriched events that comprise them.

    If a session includes one or more events that were involved in triggering rules, the session is retained for as long as the event(s) that triggered the rules are retained; however, any events in the session that did not trigger rules are removed from the session when their retention period expires.

When the date of an event log exceeds the retention period of its category, the event is purged from the system. Likewise, when all the event logs associated with a session have been purged, the session is purged. 

For details on the retention periods included with your license, see the Product Entitlement page on the Exabeam Community.