Introduction
As part of the Field Effect MDR service, ninety (90) days' worth of endpoint and network telemetry is stored locally on your primary appliance. Security-relevant cloud monitoring telemetry from supported cloud integrations is queried, stored, and enriched before being analyzed by Field Effect MDR. 30 days' worth of general logs are retained, and security-related events derived from log analysis are stored for up to 90 days.
Clients may also choose to back up this data in the Field Effect datacenter for longer periods at an additional cost:
- Extended Log Retention: All Field Effect alerts and their associated logs can be backed up in the Field Effect controlled cloud storage within the country of your choice (Canada, USA or UK) for a minimum of 12 months. Additional years can be purchased in yearly increments if additional log retention is needed.
- Full Log Retention: The Field Effect Primary Appliance also supports the ingestion of syslog data forwarded from devices that can access that appliance. In addition to retaining all Field Effect MDR alerts and associated log files, this offering will also retain any syslogs that are pushed to the primary appliance. Additional years can be purchased in yearly increments if additional log retention is needed. To set up the primary appliance to be able to ingest syslog data, please contact support@fieldeffect.com.
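The Full Log Retention option relies on devices pushing syslog to the primary appliance. The fragment below is an added illustration of what a forwarding configuration looks like on a Linux host running rsyslog (v8 RainerScript syntax); it is not Field Effect's own configuration. The appliance address, port and protocol are placeholders and must be confirmed with support@fieldeffect.com, which is also where ingestion is enabled.

```conf
# Added example, not Field Effect's configuration: forward this host's syslog
# to the Field Effect primary appliance using rsyslog.
# Assumptions (placeholders): the appliance accepts syslog at APPLIANCE_IP
# on TCP port 514. Replace both with the values support@fieldeffect.com gives you.
# Install as /etc/rsyslog.d/90-fieldeffect.conf, then restart rsyslog.

# Disk-assisted queue: events are buffered locally and retried indefinitely
# if the appliance is temporarily unreachable, so no log lines are silently dropped.
action(type="omfwd"
       target="APPLIANCE_IP"
       port="514"
       protocol="tcp"
       queue.type="LinkedList"
       queue.filename="fieldeffect_fwd"
       queue.saveOnShutdown="on"
       action.resumeRetryCount="-1")
```

Before restarting, `rsyslogd -N1` checks the file for syntax errors. The queue settings matter for retention: without them, rsyslog discards messages while the target is down, and those gaps would not be recoverable from the appliance's 90-day store or the backed-up copy.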
How Log Retention Impacts CIS Controls
The following table shows Center for Internet Security (CIS) compliance controls and how our log retention meets these specific controls.
| CIS # | CIS Title | CIS Description | Asset At Corporate Office | Remote Asset |
|---|---|---|---|---|
| 8.5 | Collect Detailed Audit Logs | Configure detailed audit logging for enterprise assets containing sensitive data. Include event source, date, username, timestamp, source addresses, destination addresses, and other useful elements that could assist in a forensic investigation. | Yes, detailed audit logs are captured and saved on our network appliance. These logs are retained for 90 days. | Yes, detailed audit logs are captured and saved on our network appliance. These logs are retained for 90 days. |
| 8.6 | Collect DNS Query Audit Logs | Collect DNS query audit logs on enterprise assets, where appropriate and supported. | Yes, DNS query audit logs are captured at both the network and host layer and saved on our network appliance. These logs are retained for 90 days. | Yes, DNS query audit logs are captured at the host layer and saved on our network appliance. These logs are retained for 90 days. |
| 8.7 | Collect URL Request Audit Logs | Collect URL request audit logs on enterprise assets, where appropriate and supported. | Yes, URL Request audit logs are captured and saved on our network appliance. These logs are retained for 90 days. | No URL logging is performed. |
| 8.8 | Collect Command-Line Audit Logs | Collect command-line audit logs. Example implementations include collecting audit logs from PowerShell®, BASH™, and remote administrative terminals. | Audit logs of the command-line parameters passed to new processes are captured and saved on our network appliance. These logs are retained for 90 days. Interactive commands through remote administrative terminals and full PowerShell and BASH logs are not currently collected from endpoints. | Audit logs of the command-line parameters passed to new processes are captured and saved on our network appliance. These logs are retained for 90 days. Interactive commands through remote administrative terminals and full PowerShell and BASH logs are not currently collected from endpoints. |