Best Practices for backing up data on the MVISION-ePO platform
Technical Articles ID:
KB94941
Last Modified: 2022-02-02 20:07:50 Etc/GMT
Environment
MVISION ePolicy Orchestrator (MVISION ePO)
Summary
MVISION ePO Data Retention Policy
Data is retained on MVISION ePO tenants for one year. Any data older than twelve months is purged on a monthly basis, which includes the data listed below:
- Threat Events
- Client Events
- Audit Log Entries
- Server Task Log Entries
NOTES:
- Threat Events and Client Events are purged based on Event Received Time. This time corresponds to the time the event was received at the ePO server. It might differ from the Event-Generated Time, which is the time the event was created on the endpoint.
- Data over one year old is removed during the first half of the month. If you want to retain this data, we recommend that you do so during the second half of the month.
- It’s also possible to transfer event data to a Security Information and Event Manager (SIEM) using API commands. For more information about Event Operations, see MVISION ePO Product Guide.
Log on and access the MVISION application:
- Go to the MVISION Sign In page.
- Sign in to the MVISION-ePO application.
Export Threat Events:
- Go to Menu, Reporting, Threat Event Log.
- In the Preset drop-down list, select Last year.
- Click Actions, Export Table.
- Select the needed file format in the File format radial selection: CSV, HTML, XML, or PDF.
- In the Recipients field, enter a valid email address.
- Click Export.
Export Audit Log Entries:
- Go to Menu, Reporting, Audit Log.
- In the Preset drop-down list, select No Filter.
- Click Actions, Export Table.
- Select the needed file format in the File format radial selection: CSV, HTML, XML, or PDF.
- In the Recipients field, enter a valid email address.
- Click Export.
Export Server Task Log Entries:
- Go to Menu, Reporting, Server Task Log.
- In the Preset drop-down list, select All.
- Click Actions, Export Table.
- Select the needed file format in the File format radial selection: CSV, HTML, XML, or PDF.
- In the Recipients field, enter a valid email address.
- Click Export.
Export Client Events:
- Go to Menu, Reporting, Queries and Reports.
- Click New Query.
- In the Datasource Type drop-down list, select ePO.
- In the Feature Group selection, select Events.
- From the Results Type radial selection, select Client Events.
- Click Next.
- From the Chart type selection, select Table.
NOTE: You can optionally change how the events are ordered on this page using the Sorting drop-down list.
- Click Next.
- On this page, select the columns you want displayed in the export.
NOTES:
- We recommend that you only select columns in the Client Events section. Not all events contain data in all selectable columns.
- Excessive column selection can make the report take longer to generate, and the end report might be hard to read.
- Click Next.
- Apply a filter if you’re only concerned with a subset of the client events; otherwise, click Save.
- In the Query Name field, enter a name for the report.
- In in the Query Group field, select a group for the report to be located.
- Run the report you created. You can find it by searching for the name you gave the report in step 14.
- Click Actions, Export Table.
- Select the needed file format in the File format radial selection: CSV, HTML, XML, or PDF.
- In the Recipients field, enter a valid email address
- Click Export.
|