What's your log retention approach? Do you have a SIEM, log management system or both? And how long do you retain logs on devices (e.g. firewalls), in SIEM and in a log management system?
CISO in Software, 2 years ago

1 year is standard in most cases.

Head of IT in Manufacturing, 2 years ago
Depends on what kind of logs… some logs are deleted automatically after some time (SaaS tools like Sophos, for example), others are also deleted because of GDPR requirements (internet logs, guest access). We defined the most crucial logs for us and collect them in a log aggregation tool for 12 months, in some cases also longer (AD logs), which are archived after 12 months and can be used on demand. I propose to first create an overview of all logs you want to collect, categorize them and define the storage / duration.
Don't forget also to look at the legal requirements & GDPR.
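As an added example (not code from either poster), the catalog-then-categorize approach above can be turned into a small, checkable retention policy: every log source is mapped to a category with a "hot" period in the aggregation tool and a total lifetime including the on-demand archive. Sources without a policy are flagged for review rather than deleted, and GDPR-limited categories have no archive tier at all, so they are deleted straight from hot storage. The source names, categories and day counts below are constructed assumptions, not anyone's actual policy.

```python
from collections import Counter
from dataclasses import dataclass
from datetime import date, timedelta
from enum import Enum
from typing import Dict, Iterable, List, Optional, Tuple


class Action(Enum):
    KEEP_HOT = "keep in log aggregation tool"
    ARCHIVE = "move to on-demand archive"
    DELETE = "delete"
    REVIEW = "no policy: flag for review, do not delete"


@dataclass(frozen=True)
class RetentionPolicy:
    category: str
    hot_days: int                   # searchable in the aggregation tool
    total_days: Optional[int]       # hot + archive lifetime; None = archive indefinitely


# Constructed catalog (assumption, not a real policy): crucial logs 12 months hot
# then archived, AD logs archived indefinitely, GDPR-limited logs never archived.
POLICIES: Dict[str, RetentionPolicy] = {
    "firewall":   RetentionPolicy("crucial", hot_days=365, total_days=365 * 2),
    "ad":         RetentionPolicy("crucial-long", hot_days=365, total_days=None),
    "proxy":      RetentionPolicy("gdpr-limited", hot_days=90, total_days=90),
    "guest-wifi": RetentionPolicy("gdpr-limited", hot_days=30, total_days=30),
}


def validate_policies(policies: Dict[str, RetentionPolicy]) -> List[str]:
    """Return a list of policy defects; an empty list means the catalog is consistent."""
    problems = []
    for source, p in policies.items():
        if p.hot_days <= 0:
            problems.append(f"{source}: hot_days must be positive")
        if p.total_days is not None and p.total_days < p.hot_days:
            problems.append(f"{source}: total_days shorter than hot_days")
    return problems


def decide(source: str, log_day: date, today: date,
           policies: Dict[str, RetentionPolicy] = POLICIES) -> Action:
    """Decide what to do with one day's worth of logs from `source`."""
    policy = policies.get(source)
    if policy is None:
        # Unclassified data is never silently deleted: it goes back to the catalog owner.
        return Action.REVIEW
    age = (today - log_day).days
    if age < 0:
        raise ValueError(f"log dated in the future: {source} {log_day}")
    if age < policy.hot_days:
        return Action.KEEP_HOT
    if policy.total_days is None or age < policy.total_days:
        return Action.ARCHIVE
    return Action.DELETE


def plan(inventory: Iterable[Tuple[str, date]], today: date) -> Dict[Action, int]:
    """Summarise actions over an inventory of (source, day) entries."""
    return dict(Counter(decide(source, day, today) for source, day in inventory))


if __name__ == "__main__":
    today = date(2024, 1, 1)
    # Constructed inventory: one entry per (source, day) held in storage.
    inventory = [
        ("firewall", today - timedelta(days=10)),
        ("firewall", today - timedelta(days=400)),
        ("firewall", today - timedelta(days=800)),
        ("ad", today - timedelta(days=2000)),
        ("proxy", today - timedelta(days=89)),
        ("proxy", today - timedelta(days=90)),
        ("legacy-app", today - timedelta(days=500)),   # not in the catalog
    ]
    for problem in validate_policies(POLICIES):
        print("policy defect:", problem)
    for action, count in plan(inventory, today).items():
        print(f"{count:3d}  {action.value}")
```

The interesting cases are the boundaries: a proxy log on exactly day 90 is deleted rather than archived because its category has no archive tier, and the unknown `legacy-app` source surfaces as a review item instead of being aged out, which is what keeps a gap in the catalog from turning into an evidence gap.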