MarcuzShinz
Collaborator

Critical: data loss risk – daily log ingestion might be capped!

Hi Checkmates,

I’m currently facing an issue with our Harmony Endpoint Cloud tenant displaying the following message: “Critical: data loss risk – daily log ingestion might be capped! For more information please see SK182394.” I checked the SK and it seems that our daily logs are exceeding the allowed threshold, and we need to optimize this by disabling firewall accept logs.

Does anyone know how long log retention is supported for a Harmony Cloud tenant, and what the maximum storage capacity is?

0 Kudos
1 Solution

Accepted Solutions
Chris_Atkinson
MVP Platinum CHKP

Data Storage and Retention

  • Threat Hunting and Endpoint Data Retention is 90 days by default.

  • Ingestion limit is 110MB, per seat, per day.

  • Additional Data Retention is available for 1 year, by using the Threat Hunting Data Retention SKU/ Infinity Events SKUs.

  • For more information, see sk182394.

Source: https://sc1.checkpoint.com/documents/Infinity_Portal/WebAdminGuides/EN/Harmony-Endpoint-Admin-Guide/... 

CCSM R77/R80/ELITE

0 Kudos
5 Replies
MarcuzShinz
Collaborator

I have one more question: can we manually delete the logs on the Harmony cloud tenant? For now I still see the warning on the tenant, but we have disabled log recording on some firewall policies.

0 Kudos
Chris_Atkinson
MVP Platinum CHKP

Retention and Ingestion are separate issues; you may need to monitor for a period to see if the trend is reducing to the required level.

CCSM R77/R80/ELITE
0 Kudos
lluner
Advisor
0 Kudos
Chris_Atkinson
MVP Platinum CHKP

Worth checking that the desktop firewall policy isn't set to log 'everything', a common trap.

CCSM R77/R80/ELITE
0 Kudos
