Some of the most important security analytics tasks that organizations perform is done with the pressure of a running clock and exacting standards for how data is preserved and manipulated. Unlike day-to-day log analysis, post-breach inspection of security data requires special considerations in the collection and handling of information following a compromise. Organizations should retain at least a year’s worth of relevant log data, with three months’ worth online and ready to search at a moment’s notice, says Lucas Zaichkowsky.”]
Source: https://www.darkreading.com/analytics/5-considerations-for-post-breach-security-analytics