We have introduced a new Time Period selector that is applied to XDR Data Lake queries. On creating a brand new Data Lake query, a new Data Lake query based off a canned query or a new scheduled Data Lake query you will see the new Time Period selector where you will choose whether the query will return data from the last 24 hours, 7 days or 30 days worth of data. The default will be 7 days of data. Prior to this change Data Lake queries were always returning a full 30 days worth of data from the Data Lake.
Action Required: For customers who have existing Scheduled Data Lake queries, those queries will be changing to return the default 7 days of data rather than returning the 30 days of data as they do today. Customers who want to continue to return 30 days worth of data on their existing Data Lake queries will need to modify the query to select the 30 day option rather than the 7 day default. To modify your scheduled queries, click 'Preferences' from the left hand menu in the Threat Analysis Center, click 'Scheduled Queries' tab on the Preferences page. Click on the query you want to modify and select the 'Query' tab where you'll see the option to select the 24 hour, 7 days or 30 days options and then click the button to 'Update Scheduled Query'.
To give customers some time to adjust any existing scheduled Data Lake queries, the new default time period won’t be enforced on any existing scheduled queries until the 10th of March.
-
Kevin Kingston
-
Cancel
-
Vote Up
0
Vote Down
-
-
Sign in to reply
-
More
-
Cancel
Comment-
Kevin Kingston
-
Cancel
-
Vote Up
0
Vote Down
-
-
Sign in to reply
-
More
-
Cancel
Children