Create a log repository

Views:

Create a log repository to organize collected log data according to specified ingestion and retention settings.

Go to Agentic SIEM & XDR → Data Source and Log Management → Third-party log repositories.
Click Create new log repository.
Specify a name and description for the log repository.

Select the desired ingestion and retention type.

Analytic ingestion: Ingests log data for analysis, correlation, and threat hunting, and supports both analytic and archival retention.
Archival ingestion: Ingests log data for infrequent queries or to meet compliance requirements, and only supports archival retention.
Archival retention: Stores data for compliance purposes or infrequent queries.
Analytic retention: Allows for frequent retrieval of log data for analysis, correlation, and threat hunting. The default retention period is 30 days.

Click Create.
The log repository is created and the log repository details drawer appears.
Add one or more collectors to the log repository to begin ingesting and retaining log data from your third-party data sources.