Set Data Retention and Advanced Purging Options
When data is initially collected, it is stored as unprocessed data in the BeyondInsight database. After the data is processed and made available in the management console and reports, the unprocessed data is no longer needed. To maintain a manageable database size, the unprocessed data is purged at regular intervals. Go to Configuration > System > Data Retention to manage BeyondInsight's data retention.
Data Retention
Maintenance
To maintain a manageable database size, the unprocessed data is purged at regular intervals. These intervals are for the purging of Discovery Management data and can be configured here.
| Purge general events older than |
Sets the number of days to keep the data sent by the agents. General events can include events like checking in and trying to connect to assets, and firewall events which might indicate that the scan cannot process because of a firewall blocking the connection. The default number of days is 7. |
| Purge attacks older than |
Sets the number of days to keep attack data that was discovered by the protection agent. Recommended: 90 days. |
| Purge application events older than |
Sets the number of days to keep the application events sent by the agents. The default value is 7. |
| Purge scans older than |
Sets the number of days to keep the information defined in the scan settings. Recommended: 7 days . |
| Purge scan events older than |
Sets the number of days to keep the data collected in scans. Recommended: 7 days. |
| Purge attack events older than |
Sets the number of days to keep the data sent by the protection agents. Recommended: 7 days. |
| Purge discovery agent jobs every N days |
When enabled, sets the number of days to keep the discovery data collected by the agents. Recommended: 1 day. |
Click Update Maintenance Options to save your option settings.
Privileged Access Management
To maintain a manageable database size, older event data is purged at regular intervals. The intervals for the purging of privileged access management event data can be configured here.
| Purge Windows events older than |
Purges the information sent by the protection agents. The default value is 90 days. |
| Purge Endpoint Privilege Management events older than |
Sets the number of days to keep Endpoint Privilege Management's unprocessed event data. The default is 30 days. |
| Purge Privilege Management for Unix & Linux events older than | Sets the number of days to keep events sent by Privilege Management for Unix & Linux Servers. |
| Purge file integrity events older than |
Sets the number of days to keep File Integrity events captured by Endpoint Privilege Management. |
| Purge Endpoint Privilege Management Session Monitor events older than | Sets the number of days to keep the events collected when session monitoring is being used. |
| Purge Identity Services events older than |
Sets the number of days to keep Identity Services unprocessed event data. |
Click Update Privileged Access Management Maintenance Options to save your option settings.
Asset Maintenance
To maintain a manageable database size, the unprocessed data is purged at regular intervals. The intervals for the purging of asset data can be configured here.
| Purge assets |
When enabled, Purge assets older than sets the number of days to keep asset data for assets that were discovered once, but are never discovered again. Recommended: 30 days. |
| Purge asset attributes |
When enabled, Purge asset attributes older than sets the number of days to keep asset attribute data, such as ports, services, hardware, and attack events. Recommended: 7 days. |
| Purge Cloud assets |
When enabled, Purge Cloud assets older than sets the number of days to keep cloud asset data. Cloud asset purging does not run unless Purge Assets is also enabled. The Purge cloud assets older than setting must always be equal to or less than the Purge assets older than setting. Recommended: 30 days. |
Click Update Asset Maintenance Options to save your option settings.
Application Maintenance
To maintain a manageable database size, the unprocessed data is purged at regular intervals. The intervals for the purging of application data can be configured here.
| Purge reports older than |
Sets the number of days to keep report files that are stored on the file system and corresponding database. The default value is 90 days. |
| Purge application user audits older than |
Sets the number of days to keep user application audit data. Audit data is the record of user activities in the BeyondInsight system. The default and recommended value is 120 days. |
| Purge closed tickets older than |
Sets the number of days before closed or inactive tickets are deleted. The calculation for purging ensures the ticket is closed and uses the date the ticket was last updated, not the due date. For example, a ticket has a due date 60 days in the future but the ticket was closed and not edited for over a week. If the purge setting is set to 7, then the ticket is purged even though the due date is in the future. |
Click Update Application Maintenance Options to save your option settings.
Third-Party Integration Maintenance
To maintain a manageable database size, the temporary data is purged at regular intervals. The interval for the purging of Third Party Integration temporary data can be configured here.
| Purge third-party uploads older than |
Sets the number of days to keep the information about the scan files that you upload. The default is 90 days. |
The data in the scan file is not purged.
Click Update Third-Party Integration Maintenance Options to save your option settings.
Purging Options
In addition to purging data according to the data retention settings, the nightly purge can be configured with these advanced options. Go to Configuration > Support > Purging Options to set the following advanced options:
- Database Index Maintenance: (Disabled by default) Rebuilds or reorganizes the indexes depending on what would be better for that index.
- Nightly Database Statistics Maintenance: (Enabled by default) Updates the statistics on any that are out of date.
- Batch Purging: (Disabled by default) Enable this option to purge multiple assets at one time in a batch. When this option is enabled, the complete asset, including all asset attributes is purged (all older data is removed from the asset). When this option is disabled, one asset is purged at a time, as opposed to a batch of assets.
- Loop Based Purging: (Disabled by default) When this option is enabled, after a round of purging is complete, the purge window is checked and if still in the purge window AND there are more than 1000 items left to purge, another round of purging begins. This looping cycle repeats until the purge window expires or there is not enough data worth deleting. The default purge window begins at 1:00 AM and is two hours long. When this option is disabled, only one round of purging is performed each day.
