Security Center allows you to archive the alerts generated prior to 30 days ago. You can download archived alerts. We recommend that you archive historical alerts on a regular basis so that you can view and manage the latest alerts in an efficient manner. This topic describes how to archive alerts.

Background information

After you click Archive data on the Alerts page, Security Center archives all alerts generated prior to 30 days ago. Then, you can download the archived alerts. Archived alerts are no longer displayed in the Security Center console. To view archived alerts, you must download the alerts to your computer. If you have never archived alerts, you can view all the alerts in the Security Center console.
Note If no alerts were generated prior to 30 days ago for your account, Security Center generates an empty file named suspiciousExport_Date of the archive operation_Timestamp of the archive operation.zip after you click Archive data on the Alerts page.

You can archive alerts only once within a 24-hour period. The number of times allowed to download archived alerts is unlimited.

Limits

All editions of Security Center support this feature. For more information about the features that each edition supports, see Feature.

Procedure

  1. Log on to the Security Center console.
  2. In the left-side navigation pane, choose Detection > Alerts.
  3. In the upper-right corner of the Alerts page, click Archive data.
    The following list provides more information about this operation:
    • If this is the first time that you click Archive data, Security Center archives alerts generated prior to 30 days ago and provides a download link.
    • If this is not the first time that you click Archive data, Security Center archives alerts generated within a specific time range and provides a download link. The start of the specific time range is the day that follows the day alerts were last archived and the end is 30 days before the current day.

    For example, if you clicked Archive data on August 13, 2020 for the first time, Security Center archives all alerts generated before and on July 14, 2020 and generates a file named suspiciousExport_20200813_1597282822.zip. If you clicked Archive data again on August 15, 2020, Security Center archives the alerts generated from July 15, 2020 to July 16, 2020 and generates a file named suspiciousExport_20200815_1597455622.zip.

    Note Security Center archives alerts only once within a 24-hour period. When you click Archive data for the first time within 24 hours, Security Center archives alerts and generates an archive file. When you click Archive data again within 24 hours, Security Center does not archive alerts. However, the Archive data dialog box appears, and you can view the alerts that have been archived.
  4. In the Archive data dialog box, view the file of archived alerts.
  5. Click Download in the Download link column to download the file of archived alerts to your computer.
    The file of archived alerts is in the XLSX format. It takes 2 to 5 minutes to download a file. The time required by a download operation varies based on the network bandwidth and the file size.
    After you download a file, you can view the alert information in the file. The information includes the IDs, names, details, risk levels, and status of alerts. It also provides information about affected assets, names of the affected assets, suggestions for handling the alerts, and points in time at which alerts were generated.
    Note If an alert is in the Expired state, the alert has been generated within the last 30 days but you have not handled the alert. We recommend that you handle the alerts generated by Security Center at the earliest opportunity.
  6. Click OK.