Issue
How long does Red Canary store customer data?
Environment
Red Canary
Resolution
Red Canary stores all Detection (Confirmed Threat) related data for the life of the account.
We ingest our customer's telemetry data into our AWS S3 Storage. After 30 days all of the EDR telemetry that is not related to a Detection is moved to our AWS Glacier (archival) Storage where it is retained for 1 year (365 days). This often exceeds the amount of time data is retained in native EDR platforms.
Data can be requested on demand by contacting your account or support teams.
NOTE: Once the data is moved to Glacier Storage it takes time to recover the data and it can be expensive to recover.
If Red Canary hosts your EDR solution (like Carbon Black EDR), the EDR telemetry is only stored for 14 days by default unless a different retention time is requested.