Enable alert data retention

Learn how to configure a retention period for alerts.

1 minute read

With the StackRox Kubernetes Security Platform, you can configure the time to keep historical alerts stored. The StackRox Kubernetes Security Platform then deletes the older alerts after the specified time. By automatically deleting alerts that are no longer needed, you can save storage costs.

The alerts for which you can configure retention period includes:

  • Runtime alerts, both unresolved (active) and resolved.
  • Stale deploy-time alerts that don’t apply to the current deployment.
  • Configuring a retention period requires the StackRox Kubernetes Security Platform version 2.4.23.0 or newer.
  • Beginning from version 2.5.27.0, you can configure alert retention settings by using the StackRox portal or the API.
  • The deletion process runs every hour starting in version 2.5.27.0. In earlier versions, the deletion process runs every 24 hours. Currently, you can’t change this.
  • For more details about using the StackRox Kubernetes Security Platform APIs, see Use the API.
  • You need the Config role with READ and WRITE permissions to configure data retention. See Manage role based access control to know more about roles and permissions.
  • On a new installation of the StackRox Kubernetes Security Platform version 2.5.27.0 or higher, data retention settings are enabled by default. You can change these settings after the installation.
  • When you upgrade the StackRox Kubernetes Security Platform, data retention settings aren’t applied unless you’ve enabled them before.

Configure alert data retention

To configure alert data retention by using the StackRox portal:

  1. Navigate to Platform Configuration > System Configuration.

    Platform Configuration > System Configuration
    Platform Configuration > System Configuration

  2. On the System Configuration view header, select Edit.

  3. Under the Data Retention Configuration section, update the number of days for each type of data:

    • All Runtime Violations

    • Resolved Deploy-Phase Violations

    • Runtime Violations For Deleted Deployments

    • Images No Longer Deployed

      To save a type of data forever, set the retention period to 0 days.

      You can only select this option in the portal if you use the StackRox Kubernetes Security Platform version 3.0.46.0 or newer.

  4. Select Save.

To configure alert data retention by using the StackRox API, view the PutConfig API and related APIs in the ConfigService group in the API reference documentation. See View the API reference documentation to learn how to view the API reference from within the StackRox Kubernetes Security Platform.

Questions?

We're happy to help! Reach out to us to discuss questions, issues, or feature requests.

© 2021 StackRox Inc. All rights reserved.