Autoremove Data

Autoremove Data

Autoremove Data provides a mechanism to automatically manage the large amount of data that Snare Central is capable of collecting. Snare administrators can establish scheduled deletion tasks based on data age, log type, log name or agent.

Standards like PCI DSS have minimum time retention on logs, and the Autoremove Data capability allows automatic purging of Snare data after a defined period of time. This feature is flexible enough to support different log data aging criteria for different types of data or different sources of the data (agents).

When configuring this functionality the administrator will be able to list, create, delete, modify and schedule 'autoremove' tasks. Snare Central support up to 100 auto-remove tasks.

The following criteria are available:

1. Agent: files associated with this Agent match term
2. Date: files associated with this Date match term
3. LogType: files associated with this Log Type match term
4. All: Remove all files that meet the defined age criteria.

A Test button is provided for testing the matching and age criteria upon the actual Snare data showing a list of files that will be affected by the task.

Remove Data

The Remove Data page  provides the ability to remove data by date, log type or agent.

Use the three dropdown lists to select which logs you want to be removed. You can delete logs based on date, systems and logtypes.

Once you are satisfied with your selection, clicking the Remove button will start the process of removing the actual underlying files, and regenerating the metadata associated with those particular dates, log types and agents.

It may take up to 15 minutes for the changes made by the file removal process to reflect in the list of dates/log types and agents displayed on this or any other pages that rely on the Snare Central metadata subsystem.