Working with Data Management
The Data Management page includes the following tabs:
- Advanced – Use this page to clear tenant database indices (for example, when offboarding a tenant).
- Retention Groups – Use this tab to review the retention groups configured for your deployment by your account manager.
Clearing Tenant Data in the Advanced Tab
Only administrative users with a Root scope and Super Admin or Platform Admin roles can view System | DATA MANAGEMENT | Data Management and clear database indices.
The Advanced tab on the System | DATA MANAGEMENT | Data Management page lets you clear specified database indices when offboarding a tenant or at any time when you want to purge one or more databases for a tenant that you want to continue using. Use the following procedure:
- Use the Select a Tenant drop-down menu to select the tenant whose data you want to clear.
- Select the database indices you want to clear – Records, Assets, Users, Cases – and then select Clear Database.
Stellar Cyber displays the progress of the task in a Task List panel that pops up on the interface. If the data purge is successful, Stellar Cyber indicates that the task is complete. If it's unsuccessful, the task list indicates that there was an error. If this happens, try again; if the purge still fails, contact Stellar Cyber Customer Services for assistance.
You might want to clear records, assets, users, and cases from the database if you’ve been using the Stellar Cyber Platform in a test trial and then decide to buy and put it into production.
Another situation when you might want to clear records and cases from the database is if you’ve been using Stellar Cyber for a little while and learn that numerous cases are false positives and your analytics are distorted as a result. In this case, because you’re just starting out, you might consider adjusting the setup or correcting the configuration as needed and then clearing the database to start over.
Reviewing Retention Groups
Only administrative users with a Root scope and Super Admin or Platform Admin roles can view System | DATA MANAGEMENT | Data Management.
The System | DATA MANAGEMENT | Data Management | Retention Groups tab lets you review the retention times configured for different types of data in both the hot and cold tiers for your account.
Retention Group Data Types
Your account manager can create different hot and cold retention times for Traffic, Log, Security, and Signals data, each of which corresponds to different indices in the Stellar Cyber data lake.
- Traffic – The Traffic data type refers to all data stored under the Traffic index (aella-adr-*).
- Security – The Security data type refers to all data stored under the Security Events/Alerts (aella-ser-*), Scans (aella-scan-*), Users (aella-users-*), Assets (aella-assets-*), and sensor monitoring (aella-ade-*) indices.
- Signals – The Signals data type refers to all data stored under the Signals index (aella-signals-*).
- Log – The Log data type refers to syslog (aella-syslog-*) and all other indices, including AWS Events (aella-cloudtrail-*), Linux Events (aella-audit-*), ML-IDS Events (aella-maltrace-*), and Windows Events (aella-wineventlog-*). Note that the DP Monitoring index (aella-dp-monitor) does not have a Retention Group type.
