Solved

Advance Analytics: cloud storage need

  • 16 March 2022
  • 1 reply
  • 58 views


For those of you that are leveraging Adv Analytics, what has been your real-world need for the cloud storage period for records? 7 days with a Splunk data collection looks to be feasible (if this data, indeed, feeds to Splunk). 30 days is likely where we'd want it capped but I'd like to hear from current users. 


Best answer by ematchey 20 March 2022, 21:28


1 reply



Hello Alphabane,


The sweet spot for many customers is the 3 months/90 day data retention plan. This amount of data allows you to understand your environment: where is your data going and why, and how is behavior changing over time. It offers the ability for customers to both do the investigative and troubleshooting work as well as have the ability to monitor trends. Longer data retention also gives AA more information about persistent problems. It allows AA to tell the difference, for instance, between a user who has been constantly violating rules for months versus a user who had their first incident ever this week. Below is a table that breaks down the data retention by persona, key use cases and relevant dashboards. Please let us know if you have further questions!

Data Retention Period: 24hrs - 7 Days and 3 Months

Persona (Hands-on):
- Security operations/management
- Information Security Engineers
- Security Architect

Key Use Cases, 24hrs - 7 Days:
- App/user activity discovery
- Policy tuning
- Tenant configuration troubleshooting
- Incident investigation

Key Use Cases, 3 Months:
- Usage and performance
- Short term trends
- Threat hunting

Relevant Views/Dashboards:
- Risk Management
- DLP Policies
- Coaching Policy

Data Retention Period: 6 Months and 13 Months

Persona (Hands-off):
- CISO
- CIO
- VP of Security Infrastructure & Operations
- IT Director

Key Use Cases:
- Providing security strategy for organizations as a whole
- Needs data to make business decisions and backup strategies
- Needs the 'Big Picture'
- Demonstrating value of security investments

Relevant Views/Dashboards:
- CISO Dashboard
- Insider Threat Dashboard
- Cloud Risk Assessment - QBR

Elena
