Set Data Retention and Advanced Purging Options

When data is initially collected, it is stored as unprocessed data in the BeyondInsight database. After the data is processed and made available in the management console and reports, the unprocessed data is no longer needed. To maintain a manageable database size, the unprocessed data is purged at regular intervals. Go to Configuration > System > Data Retention to manage BeyondInsight's data retention.

Data Retention

To maintain a manageable database size, the unprocessed data is purged at regular intervals. These intervals are for the purging of Vulnerability Management data and can be configured here.

Vulnerability Management has been deprecated and will be removed from the product in a future version.

 

Purge general events older than

Sets the number of days to keep the data sent by the agents.

General events can include events like checking in and trying to connect to assets, and firewall events which might indicate that the scan cannot process because of a firewall blocking the connection.

The default number of days is 7.

Purge attacks older than

Sets the number of days to keep attack data that was discovered by the protection agent.

Recommended: 90 days

Purge application events older than

Sets the number of days to keep the application events sent by the agents.

The default value is 7.

Purge scans older than

Sets the number of days to keep the information defined in the scan settings.

Recommended: 7 days

Purge scan events older than

Sets the number of days to keep the data collected in scans.

Recommended: 7 days

Purge attack events older than

Sets the number of days to keep the data sent by the protection agents.

Recommended: 7 days

Purge discovery agent jobs every N days

When enabled, sets the number of days to keep the discovery data collected by the agents.

Recommended: 1 day

Click Update Maintenance Options to save your option settings.

To maintain a manageable database size, older event data is purged at regular intervals. The intervals for the purging of privileged access management event data can be configured here.

Purge Windows events older than

Purges the information sent by the protection agents.

The default value is 90 days.

Purge Endpoint Privilege Management events older than

Sets the number of days to keep Endpoint Privilege Management's unprocessed event data.

The default is 30 days.

Purge Privilege Management for Unix & Linux events older than Sets the number of days to keep events sent by Privilege Management for Unix & Linux Servers.
Purge file integrity events older than

Sets the number of days to keep File Integrity events captured by Endpoint Privilege Management.

Purge Endpoint Privilege Management Session Monitor events older than Sets the number of days to keep the events collected when session monitoring is being used.
Purge Identity Services events older than

Sets the number of days to keep Identity Services unprocessed event data.

Click Update Privileged Access Management Maintenance Options to save your option settings.

To maintain a manageable database size, the unprocessed data is purged at regular intervals. The intervals for the purging of asset data can be configured here.

Purge assets

When enabled, Purge assets older than sets the number of days to keep asset data for assets that were discovered once, but are never discovered again.

Recommended: 30 days

Purge asset attributes

When enabled, Purge asset attributes older than sets the number of days to keep asset attribute data, such as ports, services, hardware, and attack events.

Recommended: 7 days

Purge Cloud assets

When enabled, Purge Cloud assets older than sets the number of days to keep cloud asset data.

Cloud asset purging does not run unless Purge Assets is also enabled. The Purge cloud assets older than setting must always be equal to or less than the Purge assets older than setting.

Recommended: 30 days

Click Update Asset Maintenance Options to save your option settings.

To maintain a manageable database size, the unprocessed data is purged at regular intervals. The intervals for the purging of application data can be configured here.

Purge reports older than

Sets the number of days to keep report files that are stored on the file system and corresponding database.

The default value is 90 days.

Purge application user audits older than

Sets the number of days to keep user application audit data. Audit data is the record of user activities in the BeyondInsight system.

Recommended: 120 days

Purge closed tickets older than

Sets the number of days before closed or inactive tickets are deleted.

The calculation for purging ensures the ticket is closed and uses the date the ticket was last updated, not the due date.

For example, a ticket has a due date 60 days in the future but the ticket was closed and not edited for over a week. If the purge setting is set to 7, then the ticket is purged even though the due date is in the future.

Click Update Application Maintenance Options to save your option settings.

To maintain a manageable database size, the temporary data is purged at regular intervals. The interval for the purging of Third Party Integration temporary data can be configured here.

Purge third-party uploads older than

Sets the number of days to keep the information about the scan files that you upload.

The default is 90 days.

The data in the scan file is not purged.

Click Update Third-Party Integration Maintenance Options to save your option settings.

Purging Options

Screenshot of Configuration > Support > Advanced Purge Options page in the BeyondInsight Console.

In addition to purging data according to the data retention settings, the nightly purge can be configured with these advanced options. Go to Configuration > Support > Purging Options to set the following advanced options:

  • Database Index Maintenance: (Disabled by default) When you enable this option, you can choose how frequently you want to purge the index, set the maximum time for the purge to execute in minutes, and set the maximum number of indexes to purge.
  • Nightly Database Statistics Maintenance: (Enabled by default) This option purges database statistics each night.
  • Batch Purging: (Disabled by default) Enable this option to purge multiple assets at one time in a batch. When this option is enabled, the complete asset, including all asset attributes is purged (all older data is removed from the asset). When this option is disabled, one asset is purged at a time, as opposed to a batch of assets.
  • Loop Based Purging: (Disabled by default) When this option is enabled, after a round of purging is complete, the purge window is checked and if still in the purge window AND there are more than 1000 items left to purge, another round of purging begins. This looping cycle repeats until the purge window expires or there is not enough data worth deleting. The default purge window begins at 1:00 AM and is two hours long. When this option is disabled, only one round of purging is performed each day.