For how many days are alerts accessible in the Custom Alerts History page of CrowdStrike Falcon?

The alerts accessible in the Custom Alerts History page of CrowdStrike Falcon are retained for a period of 90 days. This retention period allows security teams to review and analyze historical alert data, enabling them to identify trends, investigate incidents that may have occurred, and fine-tune their alert configurations. The 90-day window strikes a balance between providing ample time to react to alerts and ensuring that the data storage remains manageable.

Having access to a three-month history of alerts is beneficial for performing thorough investigations and understanding the context of security events. It allows organizations to look back and correlate alerts over time, which is crucial for discovering patterns or recurring issues that might require further attention. Thus, retaining alerts for 90 days empowers users to make informed decisions regarding their security measures and improves overall threat detection capabilities.