As per SailPoint documentation, All audit data in IdentityNow is stored for a maximum of 90 days or 100,000 events, depending on its type. If you need to access older data, up to 5 years old, fill out the Audit History Request form and submit it with a support ticket.
Does any one have information on below?
What kind of support ticket we need to raise general support ticket (or) expert services ticket?
Is there any standard audit process followed on audit logs?
Can we these logs be made available more than 90days?
Does the audit logs retained for 5 years in IdentityNow to request via support ticket?
I’m Daniel LaBarre, Product Manager of the Search and Audit features. Appreciate the feedback and wanted to give you some insight into the roadmap and how to currently request extra data.
1 and 2. If you are looking for audit data past what is available in your tenant, you can fill out the word document on this page (Audit Reports and Monitoring in IdentityNow - Compass) by clicking the “Audit History Request Form” button and send it over in a general support ticket. This is the process we have in place currently for requesting audit data past 90 days.
We are actually rolling out a feature enhancement to audit to allow up to 1 years worth of audit data (12 months + current month) in IdentityNow. We’re hoping this will be released sometime next month. Same restrictions apply in the UI with max download of 100k records, but the API would surface up to 1 year of data. We’re also evaluating a timeframe or an enhancement that will allow up to 7 years of audit data via the Search API. I will update with more info once we have a timeline.
With the process outlined in the first answer, you can request up to 5 years of data in the support ticket.
Hope this answered your questions and let me know if you have any more questions.
Just wanted to update you on the release of our extension of audit data from 90 days availability to 13 months. We completed the roll out of 13 months of audit data for all orgs this week and will have announcement and documentation changes released next week.
Feel free to check your org and let me know if you don’t see 13 months of audit data.