Data retention - Learn more about the default retention periods for all Cortex Cloud licenses and the available retention add-ons. - Administrator Guide - Cortex CLOUD

Cortex Cloud Posture Management Documentation
Product
Cortex Cloud Application Security > Cortex CLOUD
License
Cloud Posture Management
Creation date
2025-01-22
Last date published
2026-06-04
Category
Administrator Guide
Abstract

Learn more about the default retention periods for all Cortex Cloud licenses and the available retention add-ons.

After purchasing your license retention add-ons, you can view details about your Cortex Cloud licenses and retention add-ons by selecting SettingsCortex Cloud License. For more information on your storage license details, see Dataset Management.

Default retention periods

The following table summarizes the default retention periods for Cortex Cloud:

Data Type

Default Retention Period

Ingested data

31 days

Cases and Issues data

186 days

Note

Case data is retained according to the Last Updated date.

Issue data is retained according to the Observation Time. Data collected within these dates is kept and displayed for 186 days. To ensure the accuracy of issues, Cortex Cloud provides a grace period of up to 31 days for issues displayed in the Issues View, Issues table, and Cases View.

Forensic data

365 days

Note

Requires the Forensics add-on.

Audit logs

365 days

Query data

186 days

Retention add-ons

Retention add-ons are provided for ingested data and Cases and Issues data. Minimum requirements are dependent on the license type. You can purchase one or more of the following add-ons:

Feature

Description

Additional Cases and Issues Retention

An additional 31-day hot storage of Case and Issue data apart from the default 186 days.

Available for purchase per month for each endpoint.

Period-Based Retention - Hot Storage (All datasets)

Fully searchable storage for investigation and threat hunting of ingested data, and Cases and Issues data.

Requires purchasing a minimum of one month of the additional retention.

Additional Hot Storage (Selected datasets)

Flexible hot storage-based retention to help accommodate varying storage requirements for different retention periods and datasets. Fully searchable storage for investigation and threat hunting of ingested data.

Available for purchase with storage for a minimum of 1,000 GB.

Period-Based Retention - Cold Storage

Lower-cost storage of ingested data for long-term compliance needs with limited search options.

Requires purchasing a minimum of six months of additional retention.