At the moment you can delete Incidents from the incident list, its a page at a time so the max would be 500.
We are about to investigate improving that deletion logic so hoping we have a better solution in the not too distant future.
------------------------------
Martin Feeney
Product Manager, IBM Security QRadar SOAR
martin.feeney@ie.ibm.com------------------------------
Original Message:
Sent: Wed July 24, 2024 12:03 AM
From: On Chi Thanh
Subject: Where is IBM SOAR storing incident records and how long will they be stored?
Dear Martin,
Thank you for your information,
According to your answer, what is best practice to delete data of DB to prevent it exceed maximum threshold ?
------------------------------
On Chi Thanh
Original Message:
Sent: Tue July 23, 2024 04:40 AM
From: Martin Feeney
Subject: Where is IBM SOAR storing incident records and how long will they be stored?
Hi On Chi Thanh,
There are no fixed retention by size or time limits on the SOAR system.
The data is stored in the DB, but in the case of the standalone appliance attachments are stored on the filesystem (on CP4S/Suite, the attachments are also in the DB).
------------------------------
Martin Feeney
Product Manager, IBM Security QRadar SOAR
martin.feeney@ie.ibm.com
Original Message:
Sent: Mon July 22, 2024 10:44 PM
From: On Chi Thanh
Subject: Where is IBM SOAR storing incident records and how long will they be stored?
Dear all, I have some questions about IBM SOAR:
- Where IBM SOAR storing incident records?
- What is maximum incident records can be stored and what if it reached ? (Retention by size)
- How long will incident records be stored ? (Retention by time)
Thanks and best regards.
------------------------------
On Chi Thanh
------------------------------