The SGBox Data Retention
In this section we will explain how SGBox stores logs.
The logs received by SGBox are called “RAW logs”. The raw logs represent exactly what the data sources send to SGBox.
When the raw logs are received, they’re stored in the SGBox storage system, the “Online storage”. You can access and search the Online raw logs in LM > Analysis > Historical Search.
The logs are then analyzed in order to match them with known events. If SGBox finds a match, this information is saved in another section of the internal storage. You can access the matched events in different ways: the easiest is LM > Analysis > Class/Pattern Analysis.
The raw data is also “sealed” in text files that are taken from the SGBox storage and kept in a compressed, encrypted and signed format for security and regulatory compliance reasons. The encrypted data is also associated with a timestamp. The user cannot access the encrypted data directly; it can only be exported with the backup application.
You can configure different retentions for each storage in SCM > Advanced Options.
You can set the Encrypted raw logs retention in the following section.
You can set the Online raw logs retention in the following section.
You can set the Events retention in the following section.