This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Mitja-S3NEXT
Collaborator
‎2026-01-27 06:03 AM
Jump to solution

What is the default LOG retention period in a Harmony Endpoint Advanced license?

What is the default LOG retention period in a Harmony Endpoint Advanced license?

(LOG, not AUDIT LOG)

1 Solution

Accepted Solutions
Mitja-S3NEXT
Collaborator
‎2026-03-11 08:25 AM
Jump to solution

SK and admin guide for more information: 

1. Audit Logs

  • Retention Period: Audit logs in Infinity Portal are kept for a minimum of one year (12 months), regardless of license.
  • Reference:

    "Audit logs are kept on record for a minimum of one year."
    (Infinity Portal Administration Guide)

2. Operational/Event Logs (All Other Logs)

  • Retention Period:
    • The default and guaranteed retention period for operational/event logs (including security events, endpoint activity, etc.) is determined by your Harmony Endpoint license.
    • For most standard licenses, this period is 90 days.
  • What Happens After Retention Period?
    • After the retention period (e.g., 90 days), logs are deleted and cannot be recovered from the Infinity Portal.
    • There is no official documentation confirming that operational/event logs are kept longer than the licensed retention period, even if you see some logs older than 90 days in the UI. This may be due to backend processing delays or exceptions, but you should not guarantee longer retention to customers.

3. NIS2 Compliance (180 Days)

  • Requirement: NIS2 requires all logs (not just audit) to be retained for at least 180 days.
  • Check Point Guarantee:
    • Unless you have a specific license or agreement for 180-day retention, Check Point only guarantees the retention period defined in your license (typically 90 days).
    • If you need to guarantee 180 days, you must:
      • Upgrade your license to a plan that supports 180-day retention (if available).
      • Export logs regularly to external storage (e.g., SIEM, Azure Storage, etc.) for long-term retention.

4. Forwarding/Exporting Logs

  • Infinity Portal allows forwarding logs to external storage (e.g., Azure Storage), but note:
    • The storage account retains data for only 7 days by default (unless you configure longer retention on your storage solution).
    • You are responsible for managing retention in external systems.


Check Point guarantees log retention for the period defined in your license. For most customers, this is 90 days for all operational/event logs and 1 year for audit logs. If you require 180-day retention for NIS2 compliance, you must either upgrade your license or regularly export your logs to an external system for long-term storage.
 

View solution in original post

21 Replies
the_rock
MVP Diamond
MVP Diamond
‎2026-01-27 06:11 AM
Jump to solution

Im fairly sure its 90 days.

Best,
Andy
"Have a great day and if its not, change it"
0 Kudos
Mitja-S3NEXT
Collaborator
‎2026-01-27 06:13 AM
In response to the_rock
Jump to solution

No, thats surely not.
I can see LOGs from 2023. But what I need to know is the exact limitation.

0 Kudos
the_rock
MVP Diamond
MVP Diamond
‎2026-01-27 06:20 AM
In response to Mitja-S3NEXT
Jump to solution

I was thinking of something else then. Lets see if someone can confirm for sure. Maybe if you check with Account services, they might be able to verify as well.

Best,
Andy
"Have a great day and if its not, change it"
0 Kudos
Mitja-S3NEXT
Collaborator
‎2026-01-27 06:27 AM
In response to the_rock
Jump to solution

That would be very nice.

0 Kudos
the_rock
MVP Diamond
MVP Diamond
‎2026-01-27 06:30 AM
In response to Mitja-S3NEXT
Jump to solution

If I were you, would call Account services folks, just give them your UC account number and Im positive they will give you the right info. I always find them to be extremely helpful when I call.

Best,
Andy
"Have a great day and if its not, change it"
0 Kudos
Chris_Atkinson
MVP Platinum CHKP MVP Platinum CHKP
MVP Platinum CHKP
‎2026-01-27 06:28 AM
In response to the_rock
Jump to solution

Correct 90 days is default (for Cloud Managed) per:

https://sc1.checkpoint.com/documents/Infinity_Portal/WebAdminGuides/EN/Harmony-Endpoint-Admin-Guide/...

CCSM R77/R80/ELITE
0 Kudos
Mitja-S3NEXT
Collaborator
‎2026-01-27 06:33 AM
In response to Chris_Atkinson
Jump to solution

 

Any idea, why I see LOGs from 2023, I attached a screenshot?
Maybe I forgot to mention it is the CLOUD version of Endpoint.

 

Preview file
146 KB
Chris_Atkinson
MVP Platinum CHKP MVP Platinum CHKP
MVP Platinum CHKP
‎2026-01-27 03:48 PM
In response to Mitja-S3NEXT
Jump to solution

Do you have any of the retention license extensions in place per: sk182394 ?

CCSM R77/R80/ELITE
0 Kudos
Mitja-S3NEXT
Collaborator
‎2026-01-27 11:08 PM
In response to Chris_Atkinson
Jump to solution

No, everything is default, the license is Harmony Endpoint Advanced,

0 Kudos
PhoneBoy
Admin
Admin
‎2026-01-29 11:43 AM
In response to Mitja-S3NEXT
Jump to solution

I would check with TAC on this, honestly. 

0 Kudos
the_rock
MVP Diamond
MVP Diamond
‎2026-01-30 04:14 PM
Jump to solution

Hey mate,

Were you able to find the answer to this?

Best,
Andy
"Have a great day and if its not, change it"
0 Kudos
Mitja-S3NEXT
Collaborator
‎2026-02-02 10:53 AM
In response to the_rock
Jump to solution

Unfortunately not.

0 Kudos
the_rock
MVP Diamond
MVP Diamond
‎2026-02-02 10:55 AM
In response to Mitja-S3NEXT
Jump to solution

Did you open Account services case?

Best,
Andy
"Have a great day and if its not, change it"
0 Kudos
Mitja-S3NEXT
Collaborator
‎2026-02-02 10:56 AM
In response to the_rock
Jump to solution

It is a sales related technical question. 

0 Kudos
the_rock
MVP Diamond
MVP Diamond
‎2026-02-02 11:06 AM
In response to Mitja-S3NEXT
Jump to solution

I would still see if Account services would know, if not, they can refere you to your SE.

Best,
Andy
"Have a great day and if its not, change it"
0 Kudos
Mitja-S3NEXT
Collaborator
‎2026-02-02 11:08 PM
In response to the_rock
Jump to solution

I opened now a TAC, i will keep this post updated.

the_rock
MVP Diamond
MVP Diamond
‎2026-02-03 03:53 AM
In response to Mitja-S3NEXT
Jump to solution

Please keep us posted.

Best,
Andy
"Have a great day and if its not, change it"
0 Kudos
Mitja-S3NEXT
Collaborator
‎2026-02-04 06:45 AM
In response to the_rock
Jump to solution

This is the TAC response:

----------------------------------------------------------------------

Thank you for contacting Check Point Account Services.

Please note that while Account Services is happy to assist with any licensing and/or User Center related issues, we are a post-sales team only and therefore do not handle sale related issues.

 

0 Kudos
the_rock
MVP Diamond
MVP Diamond
‎2026-02-04 06:47 AM
In response to Mitja-S3NEXT
Jump to solution

K, so then I suppose only other logical option would be your local SE.

Best,
Andy
"Have a great day and if its not, change it"
0 Kudos
Mitja-S3NEXT
Collaborator
‎2026-03-11 08:25 AM
Jump to solution

SK and admin guide for more information: 

1. Audit Logs

  • Retention Period: Audit logs in Infinity Portal are kept for a minimum of one year (12 months), regardless of license.
  • Reference:

    "Audit logs are kept on record for a minimum of one year."
    (Infinity Portal Administration Guide)

2. Operational/Event Logs (All Other Logs)

  • Retention Period:
    • The default and guaranteed retention period for operational/event logs (including security events, endpoint activity, etc.) is determined by your Harmony Endpoint license.
    • For most standard licenses, this period is 90 days.
  • What Happens After Retention Period?
    • After the retention period (e.g., 90 days), logs are deleted and cannot be recovered from the Infinity Portal.
    • There is no official documentation confirming that operational/event logs are kept longer than the licensed retention period, even if you see some logs older than 90 days in the UI. This may be due to backend processing delays or exceptions, but you should not guarantee longer retention to customers.

3. NIS2 Compliance (180 Days)

  • Requirement: NIS2 requires all logs (not just audit) to be retained for at least 180 days.
  • Check Point Guarantee:
    • Unless you have a specific license or agreement for 180-day retention, Check Point only guarantees the retention period defined in your license (typically 90 days).
    • If you need to guarantee 180 days, you must:
      • Upgrade your license to a plan that supports 180-day retention (if available).
      • Export logs regularly to external storage (e.g., SIEM, Azure Storage, etc.) for long-term retention.

4. Forwarding/Exporting Logs

  • Infinity Portal allows forwarding logs to external storage (e.g., Azure Storage), but note:
    • The storage account retains data for only 7 days by default (unless you configure longer retention on your storage solution).
    • You are responsible for managing retention in external systems.


Check Point guarantees log retention for the period defined in your license. For most customers, this is 90 days for all operational/event logs and 1 year for audit logs. If you require 180-day retention for NIS2 compliance, you must either upgrade your license or regularly export your logs to an external system for long-term storage.
 

the_rock
MVP Diamond
MVP Diamond
‎2026-03-11 09:19 AM
In response to Mitja-S3NEXT
Jump to solution

Thanks for updating us!

Best,
Andy
"Have a great day and if its not, change it"

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events