TippingPoint Advanced Threat Protection Analyzer can retain the investigation package data for up to 100 days, but the time can be reduced due to storage limitations.

The following examples illustrate how storage limitations can affect the amount of time that the investigation package data is retained in TippingPoint Advanced Threat Protection Analyzer.

Based on testing done by Trend Micro, the average size of the investigation package data is 8 MB. If TippingPoint Advanced Threat Protection Analyzer analyzes 8000 samples per day, then the resulting investigation package data is 64000 MB.

After about 62 days, the 4 TB disk from TippingPoint Advanced Threat Protection Analyzer 1100 is filled and the investigation package data is purged.

If TippingPoint Advanced Threat Protection Analyzer is in cluster mode, the disk space occupied per day is multiplied by the number of appliances in the cluster.

Using the numbers from the example above, the investigation package data for a cluster with five TippingPoint Advanced Threat Protection Analyzer 1100 appliances is purged after about 12 days.