Cortex XDR data storage is managed in the Cortex XDR Data Layer. You receive data storage based on the amount of storage associated with your licenses. Generally, this capacity is determined by factors such as your daily ingestion needs and the number of users in your deployment. All Cortex XDR licenses provide you with default retention periods. You can extend your license retention depending on your requirements for hot and cold storage.
To determine the licenses you require for your data storage requirements, it's important that you understand the data storage lifecycle specifically the differences between hot and cold storage options available. The following image shows examples of the differences between hot and cold storage:
Data enters Cortex XDR via a data stream called the Data Ingestion Pipeline, where all the data manipulation occurs, such as normalization, enrichment, and analytics. Once the data is ready, the data is transferred to any of the following three places, which is dependent on your licenses: