On the Administration > Services > Config view > Data Retention tab of an Archiver, Administrators can define the criteria for log retention and storage. In the Rule Definition dialog, which is accessible from the Retention Rules section, you can define retention rules to use for your storage collections.
Procedures related to this dialog box are described in Step 3. Configure Archiver Storage and Log Retention and Define Retention Rules.
Rule and Query Guidelines presents the guidelines for all queries and rule conditions in Security Analytics Core services.
To access the Rule Definition dialog:
- In the Security Analytics menu, select Administration > Services.
- Select an Archiver service and > View > Config.
- In the Services Config view for the service, click the Data Retention tab.
- In the Retention Rule section, click or .
The Rule Definition dialog is displayed.
The following table describes fields in the Rule Definition dialog.