The data retention policies control when data should be deleted from the system. A retention policy contains a filter that is used to identify the events for which the retention policy applies and the minimum and maximum number of days these events should be kept in the system.
You can configure one or more data retention policies to control the duration for which specific types of events are retained in Sentinel. Except for the Raw Data Retention policy, all of the configured policies apply to the event data.
The configured retention policies are displayed in the data retention policy table. By default, the data retention policy table is refreshed every 30 seconds to reflect the changes made by multiple administrators.
NOTE:For traditional storage, data retention policies are applied in addition to the configured disk space usage parameters, as described in Configuring Disk Space Usage. These policies are a logical overlay, whereas the disk space usage configuration is related to the physical memory space usage.