Incidents are stored in the Postgres DB called annoDB.
There is no automatic maintenance, the table can become large and impact performance.
Incidents are stored in the Postgres DB called annoDB. To connect to this database for manual maintenance switch user to rsawtd (sudo su - rsawtd) connect to the db:
$ psql -d silvertail -U silvertail -p 7078
The default password is silvertail, but this should have been changed during install and setup.
from here you can use regular sql and postgres rdbms commands, eg
silvertail=> \d incidents;
Table "public.incidents"
Column | Type | Modifiers
--------------------+-----------------------------+---------------------
--------------------+-----------------------------+---------------------
--------------------+-----------------------------+--------------
id | integer | not null default nextval('incidents_id_seq'::regclass)
name | text |
detail | text |
category | text |
tenantid | text |
priority | integer |
status | integer |
txn_url | text |
ip_address | text |
incident_user | text |
incident_timestamp | timestamp without time zone |
rule_name | text |
rule_comment | text |
accuracy | integer | default 1
source | integer |
last_update_time | timestamp without time zone | default now()
Indexes:
"incidents_pkey" PRIMARY KEY, btree (id)
psql uses fairly standard SQL commands:
silvertail=> select id,name,incident_timestamp,status from incidents where name = 'myincident' and incident_timestamp < ( NOW() - INTERVAL '30 days') and status = 3;
Note status has the following meaning:
1 = Open
2 = In Progress
3 = Closed
silvertail=> select count (id) from incidents where name = 'myincident' and incident_timestamp < ( NOW() - INTERVAL '3 days') and status = 3;
silvertail=> delete from incidents where name = 'myincident' and incident_timestamp < ( NOW() - INTERVAL '30 days') and status = 3;
After you have cleaned up you might want to consider compacting the storage.
silvertail=> SELECT
relname as "Table",
pg_size_pretty(pg_total_relation_size(relid)) As "Size",
pg_size_pretty(pg_total_relation_size(relid) - pg_relation_size(relid)) as "External Size"
FROM pg_catalog.pg_statio_user_tables ORDER BY pg_total_relation_size(relid) DESC;
Please note that to compact the db you will need to connect as the superuser, either change the role of silvertail or login as user postgres. Please consult postgres documentation for more details.
The command is:
silvertail=# vacuum full
Related Articles
Events and incidents mark as deleted automatically Number of Views Email Phishing Security Incident Alert – November 8, 2024 Number of Views RSA Access Manager password policy for automatic user unlock does not work when using an Active Directory user store Number of Views CAS Automatic Cleanup of Inactive User Accounts Number of Views too many email notification for some incidents Number of Views
Trending Articles
Downloading RSA Authentication Manager license files or RSA Software token seed records RSA MFA Agent 2.3.6 for Microsoft Windows Installation and Administration Guide Quick Setup Guide - Passwordless Authentication in Windows MFA Agent for Active Directory Mandatory Certificate Upgrade Required by 6th October 2025 for RSA MFA Agent for PAM, RSA MFA Agent for Apache, and Third … RSA Authentication Manager 8.9 Release Notes (January 2026)
