About historical data cleanup in the Directory database - Historical data retained by the Directory role, such as alarms and incidents, tend to grow indefinitely over time. However, you can decide how long to keep each of these types of data in Config Tool.

About historical data cleanup in the Directory database - Historical data retained by the Directory role, such as alarms and incidents, tend to grow indefinitely over time. However, you can decide how long to keep each of these types of data in Config Tool. - Security Center 5.13

Security Center Administrator Guide 5.13

Product

Security Center

Content type

Guides > Administrator guides

Version

5.13

ft:locale

en-US

Last updated

2025-04-16

Historical data retained by the Directory role, such as alarms and incidents, tend to grow indefinitely over time. However, you can decide how long to keep each of these types of data in Config Tool.

What is historical data?

Historical data is data collected over time. All historical data is time-stamped and increases in volume over time. Unlike configuration data, which remains critical, the usefulness of historical data tends to diminish with age. To avoid taking up unnecessary storage space, the system regularly purges old records that are no longer useful.

Most roles manage historical data, such as past events, and allow you to configure their retention periods.

The historical data managed by the Directory role are:

Alarms: Past alarms are alarms that have been acknowledged. Past alarms are kept for 90 days by default. You can investigate current and past alarms using the Alarm report task in Security Desk.
Audit and activity trails: Audit and activity trails keep records of the configuration changes and system and user activities. Records are kept for 90 days by default. You can review these records using the Audit trails and Activity trails tasks.
Incidents: Incidents are created through the Report an incident tool or command in Security Desk. Incident reports are kept for 90 days by default. You can investigate past incidents using the Incidents task in Security Desk.

Changing the retention periods

The Directory role runs the cleanup process every hour. All records older than the configured retention period are permanently deleted. As an administrator, you can change the retention periods in Config Tool using the System task. To reach the configuration page, click General settings > Advanced settings > Retention periods.

The Retention periods settings in the System task, General settings, Advanced settings page.

If you do not want your changes to be recorded in the audit trails, disable the Enable audit trail logging option before clicking Apply.

If your changes cause historical data to be purged, a message box opens to warn you about the records that you’re about to delete. If you do not wish to lose any data, you can revert your changes and increase the values of the retention periods.

Protection against accidental deletion of historical data

The system performs a cleanup check every time the Directory is restarted. If historical data needs to be purged, you have a 72-hour grace period before the actual purge takes place. All Security Desk and Config Tool instances connected to the Directory display a warning message to alert their user that historical data is about to be deleted. At the same time, a health event is recorded for each type of historical data that is affected.

Notification message warning the user that historical data is going to be purge in 72 hours or less.

The grace period gives the administrator time to validate the configured retention periods before the historical records are permanently deleted.