What's your log retention approach? Do you have a SIEM, log management system or both? And how long do you retain logs on devices (e.g. firewalls), in SIEM and in a log management system?

Anonymous Author
1 year is standard in most cases
0 upvotes
Anonymous Author
Depends on what kind of logs… some logs are deleted automatically after some time (SaaS tools like Sophos, for example), others are also deleted because of GDPR requirements (internet logs, guest access). We defined the most crucial logs for us and are collecting them in a log aggregation tool for 12 months, in some cases also longer (AD logs), which are getting archived after 12 months and can be used on demand. I propose to first start an overview of all logs you want to collect, categorize them and define the storage / duration. Don't forget also to look at the legal requirements & GDPR.
0 upvotes