With the StackRox Kubernetes Security Platform, you can configure the time to keep historical alerts stored. The StackRox Kubernetes Security Platform then deletes the older alerts after the specified time. By automatically deleting alerts that are no longer needed, you can save storage costs.
The alerts for which you can configure retention period includes:
- Runtime alerts, both unresolved (active) and resolved.
- Stale deploy-time alerts that don’t apply to the current deployment.
- Configuring a retention period requires the StackRox Kubernetes Security Platform version 184.108.40.206 or newer.
- Beginning from version 220.127.116.11, you can configure alert retention settings by using the StackRox portal or the API.
- The deletion process runs every hour starting in version 18.104.22.168. In earlier versions, the deletion process runs every 24 hours. Currently, you can’t change this.
- For more details about using the StackRox Kubernetes Security Platform APIs, see Use the API.
- You need the Config role with
WRITEpermissions to configure data retention. See Manage role based access control to know more about roles and permissions.
- On a new installation of the StackRox Kubernetes Security Platform version 22.214.171.124 or higher, data retention settings are enabled by default. You can change these settings after the installation.
- When you upgrade the StackRox Kubernetes Security Platform, data retention settings aren’t applied unless you’ve enabled them before.
To configure alert data retention by using the StackRox portal:
Navigate to Platform Configuration > System Configuration.
On the System Configuration view header, select Edit.
Under the Data Retention Configuration section, update the number of days for each type of data:
All Runtime Violations
Resolved Deploy-Phase Violations
Runtime Violations For Deleted Deployments
Images No Longer Deployed
To save a type of data forever, set the retention period to
You can only select this option in the portal if you use the StackRox Kubernetes Security Platform version 126.96.36.199 or newer.
To configure alert data retention by using the StackRox API, view the
PutConfig API and related APIs in the
ConfigService group in the API
See View the API reference documentation
to learn how to view the API reference from within the StackRox Kubernetes Security Platform.
We're happy to help! Reach out to us to discuss questions, issues, or feature requests.