Purging Discovery Data from the Database
You can use the Discovery Data Purge page to purge files from the network discovery and user discovery event databases. Note that when you purge a database, the appropriate process is restarted.
Caution Purging a database removes the data you specify from the Defense Center. After the data is deleted, it
cannot be recovered.
To purge the network and user discovery database:
Access:
Admin/Any Security Analyst
Step 1 Select
System > Tools > Data Purge
.
The Data Purge page appears.
Step 2 Under
Network Discovery
, perform any or all of the following:
-
Select
Network Discovery Events
to remove all network discovery events from the database.
-
Select
Hosts
to remove all hosts and Indications of Compromise flags from the database.
-
Select
User Activity
to remove all user events from the database.
-
Select
User Identities
to remove all user login and user history data from the database.
Step 3 Under
Connections
, perform any or all of the following:
-
Select
Connection Events
to remove all connection data from the database.
-
Select
Connection Summary Events
to remove all connection summary data from the database.
-
Select
Security Intelligence Events
to remove all Security Intelligence data from the database.
Note Selecting Connection Events does not remove Security Intelligence events; connections with Security Intelligence data will still appear in the Security Intelligence event viewer. Correspondingly, selecting Security Intelligence Events does not remove connection events with associated Security Intelligence data.
Step 4 Click
Purge Selected Events
.
The items are purged and the appropriate processes are restarted.