- Advanced Analytics
- Understand the Basics of Advanced Analytics
- Configure Log Management
- Set Up Admin Operations
- Set Up Authentication and Access Control
- Additional Configurations
- Configure Rules
- Exabeam Threat Intelligence Service
- Threat Intelligence Service Prerequisites
- View Threat Intelligence Feeds
- Threat Intelligence Context Tables
- View Threat Intelligence Context Tables
- Assign a Threat Intelligence Feed to a New Context Table
- Create a New Context Table from a Threat Intelligence Feed
- Check ExaCloud Connector Service Health Status
- Exabeam Cloud Telemetry Service
- Manage Security Content in Advanced Analytics
- Health Status Page
Data Retention in Advanced Analytics
Advanced Analytics retains both event log and session data for limited periods of time. Retention times depend on the retention categories and the time periods defined in your purchased license.
Data in Advanced Analytics is divided into the following retention categories:
Raw logs. The original event logs sent to Advanced Analytics.
Note
Your Event Selection policy determines which event logs are sent to Advanced Analytics.
Enriched events. The event logs created by Advanced Analytics when the raw logs are received and enriched with contextual data.
Note
Until a raw event log is purged from the system, you can view the event in both its original and enriched forms.
Events that triggered rules. Enriched events that have triggered or helped to trigger one or more rules.
User and Asset Sessions. The containers that Advanced Analytics creates for both users and assets to represent the different timeframes of the enriched events attributed to them. Sessions are retained for the same amount of time as the enriched events that comprise them.
If a session includes one or more events that were involved in triggering rules, the session is retained for as long as the event(s) that triggered the rules are retained; however, any events in the session that did not trigger rules are removed from the session when their retention period expires.
When the date of an event log exceeds the retention period of its category, the event is purged from the system. Likewise, when all the event logs associated with a session have been purged, the session is purged.
For details on the retention periods included with your license, see the Product Entitlement page on the Exabeam Community.