If an account is deleted from Central, is the log data still retained? When attempting to delete an account, it warns that the "alerts" will be deleted but gives no indication of what will happen to the rest of the historical data. We have customers that need to retain this data for certain amounts of time due to various compliance standards.
Thanks,
That's a great question! The only thing I can find on this is the same as you have already found. It is not clear if "alerts" means "all data/logs". At the very least, you could work on dumping the logs to a SIEM (if available) to keep a local copy/archive of all logs.
GitHub - sophos-cybersecurity/sophos-central-api-connector: Gather alerts and endpoint data from your Sophos Central tenants
Sophos stores info about an active account/machine for 90 days, during which it's accessible by a customer through the Central dashboard. Each object will have a 90-day history available. After a machine or user is deleted from Central, Sophos will store the info on the back end for the next 90 days, but it will no longer be available to the customer through Central reports.
As Kyle P. mentioned, if historical reports are needed for compliance, then feeding Central logs into a SIEM would be the way to go. Please see the following materials explaining more about it:
Sophos Central APIs: How to send alert and event data to your SIEM
Sophos Central: FAQs on SIEM https://support.sophos.com/support/s/article/KB-000036413?language=en_US
SIEM Integration in Sophos Central https://www.youtube.com/watch?v=1MPwbfoIdBk - quick tutorial/explanation
Hope that helps! Please let me know if you have any further questions!