What data is stored and for how long?

Types of stored data:

• Suricata events (Flow, DNS, HTTP, TLS, etc.);
• aggregated statistics;
• AI analysis results and anomaly labels;
• internal system states.

Retention period:

• configurable by the administrator;
• determined by Redis cleanup policies;
• not hardcoded into the system.

By default, the system does not assume infinite data retention.