Retain an incident according to the Retention Policy.
By default, Cortex XSOAR keeps incidents for 6 months. The retention period is calculated from when the incident was created in Cortex XSOAR. For more information about the retention policy and how to extend retention, see Cortex XSOAR 8 Retention Policy FAQs.
Note
Up to 1,000 incidents per tenant can be excluded from the incident retention policy. Retained incidents are not deleted. If you reach 1000 retained incidents, you won't be able to exclude additional incidents from the retention policy, unless you disable incident retention for some or all of your existing retained incidents.
Only user roles that have retain incident permissions, can retain or undo incident retention. For more information, see The Components tab.