Data retention periods

The following table describes the standard Data Retention Period per product available in Unified Security Service.

Please note that all charts are based on a 30 day period regardless of the log retention period.


Retention Period

Web Security (including Gateway Anti-malware and Image Analysis)

3 months

Cloud Application Control Broker (API mode)

3 months

Cloud Application Control Broker (Inline mode)

3 months

Email Security

3 months

Cloud Multi-Factor Authentication (powered by Entrust)

3 months


3 month

ASE Events

3 months

What happens after the retention period ?

After the retention period the old data is automatically archived and made available to download from the Report Archives section in CSV format.

Products marked with an * are not currently automatically archived.

Log archives may be deleted after 12 months. Please download the archive files if you wish to keep the data for longer.

How much data does a Log Archive contain?

The default is one day worth of log data per archive file. This can be changed by contacting your service provider. Log archives start to be generated at the end of the retention period for the product.

How far back can I query log data in the dashboard?

You can query log data within the last 90 days, however please note that it may not be feasible to return all the results on a large data set. Always try and specify as many criteria as possible to narrow down your search. Some data sets have the ability to easily return millions of rows for a short period of time (Excel can only open files with less than 1M rows). Also consider Log Streaming as an option.

How did we do?