Long Term Telemetry Retention (LTTR)
Long Term Telemetry Retention (LTTR) is a SenseOn platform feature that allows customers to retain telemetry data for up to 12 months, extending beyond the default 30-day hot storage period. LTTR supports regulatory compliance, retrospective threat analysis, and long-term visibility into security events — all while maintaining cost efficiency through warm storage.
What Is LTTR?
LTTR enables the storage of telemetry data in warm storage for up to 12 months. While data in hot storage is immediately accessible for real-time investigations (up to 30 days by default), warm storage offers extended retention with slightly increased query latency, suitable for historical analysis and compliance requirements.
How It Works
- Default Retention: 30 days in hot storage.
- With LTTR: After 30 days, telemetry is automatically moved to warm storage, where it is retained for up to an additional 11 months (total 12 months).
- Access Method: Warm storage data is accessible via Hunt Lab, with minimal performance delay.
Key Features
| Feature | Description |
|---|---|
| Extended Retention | Retain telemetry data for up to 12 months. |
| Warm Storage Architecture | Data is preserved in warm storage, ensuring durability and availability. |
| Accessible Historical Data | Enables queries on older telemetry without needing to restore data. |
| Simple Activation | Activation requires only a quick request to the SenseOn team. |
Benefits
1. Enhanced Forensics and Retrospective Investigations
LTTR provides analysts and responders with access to long-term telemetry, allowing for thorough investigation of historical security incidents, root cause analysis, and incident response validation.
2. Compliance and Audit Readiness
Many regulatory frameworks (e.g., ISO27001, PCI:DSS) require long-term data retention. LTTR helps customers meet these obligations by securely retaining telemetry in accordance with policy requirements.
3. Cost-Effective Long-Term Storage
Warm storage provides a significantly more economical solution compared to keeping all telemetry in hot storage, reducing the cost of retaining large volumes of data over time.
4. Long-Term Threat Visibility
Having access to up to a year of telemetry allows organisations to: - Identify trends across time - Increased ability to detect and monitor indicators of compromise (IOCs)
Who Is LTTR For?
LTTR is particularly valuable for: - CISOs and Compliance Officers – for meeting audit requirements - SOC Managers and Analysts – for incident review and trend tracking - Incident Responders – for forensic investigation of older events
Getting Started with LTTR
To enable Long Term Telemetry Retention, please contact SenseOn Support or your Customer Success Manager who can enable this feature.