Traffic data of the Sensor component is stored on the server with the Sensor component or on the server with Sensor and Central Node components if Sensor and Central Node are installed on the same server or deployed as a cluster.
Traffic data is recorded and stored in sequentially created files. The application stops recording data in one file and starts logging data in the next file if:
As traffic data accrues, Kaspersky Anti Targeted Attack Platform filters data and keeps only the following information:
Filtered traffic data is moved to a separate section. The rest of the traffic data (that do not satisfy filtering criteria) is deleted.
Filtered traffic data is saved in sequentially created files. The application stops recording data in one file and starts logging data in the next file if:
Filtered data traffic is stored for the last 24 hours. Older data is deleted.