Security Center allows you to archive alerts that were generated 30 or more days ago and to download the archived alerts. We recommend that you archive historical alerts on a regular basis so that you can view and manage recent alerts efficiently. This topic describes how to archive alerts.

Background information

After you click Archive data, Security Center archives all handled and unhandled alerts that were generated 30 or more days ago. You can then download the archived alerts. Archived alerts are no longer visible in the Security Center console. To view them, download the archive file to an on-premises machine. If you have never archived alerts, you can view all the alerts in the Security Center console.

Note: If your account does not have alerts that were generated 30 or more days ago, Security Center generates an empty file named suspiciousExport_<date of the archive operation>_<timestamp of the archive operation>.zip after you click Download in the Archive data dialog box on the Alerts page.

You can archive alerts only once within 24 hours. You can download archived alerts an unlimited number of times.

The Basic, Basic Anti-virus, Advanced, and Enterprise editions of Security Center allow you to archive alerts.

Procedure

  1. Log on to the Security Center console.
  2. In the left-side navigation pane, choose Detection > Alerts.
  3. On the Alerts page, click Archive data in the upper-right corner.
    The time range that is archived depends on whether you have archived alerts before:
    • If you click Archive data for the first time, Security Center archives alerts generated 30 or more days ago and provides a download link.
    • If you have clicked Archive data before, Security Center archives alerts generated between the end date of the time range of the last archive operation and the date that is 30 days before the current date, and provides a download link.

    For example, if you click Archive data for the first time on August 13, 2020, Security Center archives all alerts generated on or before July 14, 2020 in a file named suspiciousExport_20200813_1597282822.zip. If you click Archive data again on August 15, 2020, Security Center archives alerts generated from July 15, 2020 to July 16, 2020 in a file named suspiciousExport_20200815_1597455622.zip.

    Note: Security Center can archive alerts only once every 24 hours. The first time you click Archive data within a 24-hour period, Security Center archives alerts and generates an archive file. If you click Archive data again within the same 24 hours, Security Center does not archive alerts. However, the Archive data dialog box still appears, and you can view the files that were archived before.
  4. View the file of archived alerts in the Archive data dialog box.
  5. Click Download in the Download link column to download the file of archived alerts to your on-premises machine.
    The file of archived alerts is in XLSX format. It takes two to five minutes to download the file. The time required varies based on the network bandwidth and the file size.
    After you download the file, you can view the following fields in it: alert IDs, alert names, alert details, risk levels, alert status, IP addresses of the affected assets, names of the affected assets, suggestions for handling the alerts, and alert time.
    Note: If the alert status is expired, the alert was generated within the last 30 days and you have not handled the alert. We recommend that you handle alerts reported by Security Center at the earliest opportunity.
  6. Click OK.
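
Because archived alerts are no longer visible in the console, it helps to know which dates each downloaded file should cover. The following script is an added example, not Security Center code: it derives each file's alert date range from the file names using the 30-day rule in step 3 and flags files created less than 24 hours apart. It assumes the 10-digit number in the file name is a Unix timestamp and that the list contains every archive created for the account.

```python
import re
from datetime import datetime, timedelta, timezone

# File name pattern shown on this page: suspiciousExport_<date>_<timestamp>.zip
NAME_RE = re.compile(r"^suspiciousExport_(\d{8})_(\d{10})\.zip$")
CUTOFF = timedelta(days=30)        # only alerts at least this old are archived
MIN_SPACING = timedelta(hours=24)  # one archive operation per 24 hours


def parse_archive_name(name):
    """Return (archive_date, archive_time_utc); raise ValueError on other names."""
    m = NAME_RE.match(name)
    if not m:
        raise ValueError(f"unexpected archive file name: {name!r}")
    day = datetime.strptime(m.group(1), "%Y%m%d").date()
    # Assumption: the second field is a Unix timestamp in seconds.
    ts = datetime.fromtimestamp(int(m.group(2)), tz=timezone.utc)
    return day, ts


def archive_windows(names):
    """Map each file to the (first_day, last_day) of the alerts it should hold.

    first_day is None for the oldest file, which has no lower bound.
    Assumption: `names` is every archive ever created for the account.
    """
    windows, prev_end = {}, None
    for name in sorted(names, key=lambda n: parse_archive_name(n)[1]):
        day, _ = parse_archive_name(name)
        end = day - CUTOFF
        start = None if prev_end is None else prev_end + timedelta(days=1)
        windows[name] = (start, end)
        prev_end = end
    return windows


def spacing_violations(names):
    """Return consecutive file pairs created less than 24 hours apart."""
    ordered = sorted(names, key=lambda n: parse_archive_name(n)[1])
    return [(a, b) for a, b in zip(ordered, ordered[1:])
            if parse_archive_name(b)[1] - parse_archive_name(a)[1] < MIN_SPACING]


if __name__ == "__main__":
    # The two file names used in the example in step 3.
    files = ["suspiciousExport_20200815_1597455622.zip",
             "suspiciousExport_20200813_1597282822.zip"]
    for name, (start, end) in archive_windows(files).items():
        print(name, "covers", start or "beginning", "through", end)
```

A gap between one file's last day and the next file's first day, or a pair reported by spacing_violations, means the local set of archives is incomplete or a file name was altered.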