Dataset Management - Administrator Guide - Cortex XDR - Cortex - Security Operations

Cortex XDR Pro Administrator Guide

Product
Cortex XDR
License
Pro
Creation date
2023-10-31
Last date published
2024-03-27
Category
Administrator Guide
Abstract

Learn more about managing your datasets and understanding your overall data storage, period based retention.

Notice

This feature requires a Cortex XDR Pro license.

The Dataset Management page enables you to manage your datasets and understand your overall data storage duration for different retention periods and datasets based on your Hot and Cold Storage licenses, and retention add-ons to extend your storage. The top of the page is where the details of your data retention licenses are listed.

Note

For more information on license retention and the defaults provided per license, see License Retention.

Important

Cortex XDR enforces retention on all log-type datasets excluding Host Inventory, Vulnerability Assessment, Metrics, and Users.

Hot and Cold Storage

Abstract

Learn more about how your Hot and Cold Storage licenses are displayed in the Dataset Management page.

Your current hot and cold storage licenses, including the default license retention and any additonal retention add-ons to extend storage, are listed within the Hot Storage License and Cold Storage License sections of the Dataset Management page. Whenever you extend your license retention, depending on your requirements and license add-ons for both Hot Storage and Cold Storage, the add-ons are listed.

You can expand your license retention to include flexible Hot Storage based retention to help accommodate varying storage requirements for different retention periods and datasets. This add-on license is available to purchase by strorage for a minimum of 1,000 GB. If this license is purchased, an Additional Storage subheading in the Hot Storage License section is displayed on the Dataset Management page with a bar indicating how much of the storage is used.

Note

Only datasets that are already handled as part of the GB license are supported for this license. In addition, the retention configuration is only available in Cortex XDR, as opposed to the public APIs or configuration from the parent MSSP tenant.

On any dataset configured to use Additional Hot Storage, you can edit the retention period. This enables you to view the current retention details for hot and cold storage and configure the retention. This includes setting the amount of flexible Hot Storage based retention designated for a dataset and the priority for the dataset's Hot Storage, which is used when the storage limit is exceeded to know the data most critical to preserve.

Datasets Table

Abstract

Learn more about the Datasets table in the Dataset Management page.

For each dataset listed in the table, the following information is available.