Respond Config: Set a Retention Period for Risk Scoring Data

Document created by RSA Information Design and Development on Jul 9, 2019
Version 1Show Document
  • View in full screen mode
 

This allows you to retain risk score data for a certain period of time and then delete it. A shorter retention period frees up disk space sooner.

Data retention for risk score is enabled by default with retention period configured for 30 days. You can also reconfigure the retention period. Data deleted after the retention period cannot be recovered.

Prerequisites

The Administrator role must be assigned to you.

Procedure

  1. Go to ADMIN > Services, select the Respond Server service, and then select Actions icon > View > Explore.
  2. In the Explore view node list, select respond/risk/data/retention.
  3. In the retention-period field, enter the number of days to retain risk score related events. For example, 20 DAYS. The default and maximum retention-period is 30 days.
    You will see a notice that the configuration is successfully updated.
  4. In the Frequency field, enter the frequency to run the retention in days. The default frequency is 1 day.
    You will see a notice that the configuration is successfully updated.

  5. Restart respond server for changes to take effect.

Note: Data retention starts after every respond server restart.

Result

After the retention period ends, the scheduler permanently deletes all the risk score alert context older than the specified period.

You are here
Table of Contents > Additional Procedures for Respond Configuration > Set a Retention Period for Risk Scoring Data

Attachments

    Outcomes