Scan data retention and scan archiving
There is a default data retention setting to limit the amount of information displayed in the Invicti Platform user interface. This setting automatically archives some scans (and the associated vulnerabilities) so you can manage your scan results more easily.
This document explains how scan data retention and scan archiving work in Invicti Platform.
Data deletion and archiving
Archiving and deletion of scan data in Invicti Platform behaves in the following manner according to the type of scans being run:
- One-time scans: The last 7 good scans (completed) on a target that use the same scan profile or use a combination of the same scan profile and the Full Scan profile are retained on the scans page. All other one-time scans are archived. Any archived scans older than 400 days are automatically deleted.
- Recurrent scans: The last 7 good scans (completed) on a target are retained on the scans page. All other recurrent scans are archived. Any archived scans older than 400 days are automatically deleted.
- Continuous scans: The last 7 good scans (completed) on a target are retained. All other continuous scans are archived. Any archived scans older than 1 month are automatically deleted.
Scan archiving is not an instant process. Scan data archiving is a background task that occurs every 12 hours in Invicti Platform.
Vulnerability archiving
Vulnerabilities inherit their status from the last scan that reported the vulnerability. If that scan is archived, then the vulnerabilities will be archived as well. Once a vulnerability is archived, it usually means that it was solved and the follow-up scans are not finding it anymore. If that vulnerability is found again, then the scan that found it will show it.
Illustrative example
- Day one: You run a scan on a target and find a cross-site scripting vulnerability. You fix the vulnerability.
- Day two: You scan the target again, and the cross-site scripting vulnerability is not found since it was already fixed the previous day. You set scan data retention to '2'.
- Day three: You scan the target again, and the cross-site scripting vulnerability is not found since it was already fixed on day one.
- Day four: You scan the target again, and the cross-site scripting vulnerability is not found since it was already fixed on day one. After this fourth scan, your first scan from day one is archived. Since the last scan in which the cross-site scripting vulnerability was found becomes archived, the vulnerability itself also becomes archived.
- Day five: You scan the target again and find the same cross-site scripting vulnerability. Now the cross-site scripting vulnerability will be visible again in your active vulnerabilities list since the latest scan that detected it is not archived.
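The walkthrough above can be replayed with a small model. This is an added example, not Invicti code: the names Scan, apply_retention, vulnerability_status and replay are hypothetical, and the model assumes every scan completes, uses one target and one scan profile, and ignores the 12-hour background delay.

```python
from dataclasses import dataclass


@dataclass
class Scan:
    day: int
    findings: frozenset  # vulnerability names reported by this scan
    archived: bool = False


def apply_retention(scans, keep):
    """Archive every scan except the `keep` most recent ones."""
    ordered = sorted(scans, key=lambda s: s.day)
    cutoff = max(len(ordered) - keep, 0)
    for index, scan in enumerate(ordered):
        scan.archived = index < cutoff


def vulnerability_status(scans):
    """A vulnerability inherits the state of the last scan that reported it."""
    last_reporter = {}
    for scan in sorted(scans, key=lambda s: s.day):
        for name in scan.findings:
            last_reporter[name] = scan
    return {
        name: "archived" if scan.archived else "active"
        for name, scan in last_reporter.items()
    }


def replay(history, keep):
    """Run the scans in order and record vulnerability status after each day."""
    scans, timeline = [], {}
    for day, findings in history:
        scans.append(Scan(day, frozenset(findings)))
        apply_retention(scans, keep)
        timeline[day] = vulnerability_status(scans)
    return timeline


# Constructed history for the five-day walkthrough (retention set to 2).
HISTORY = [(1, {"xss"}), (2, set()), (3, set()), (4, set()), (5, {"xss"})]

if __name__ == "__main__":
    for day, status in replay(HISTORY, keep=2).items():
        print(f"day {day}: {status}")
```

An archived vulnerability here means only that the last scan reporting it has left the retained window. If you track remediation from the active list, confirm the fix with a recent scan.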
Deletion of archived scans
The following default settings are in place:
- Recurrent and one-time scans: Invicti will retain archived scans and vulnerabilities for 400 days.
- Continuous scans: Archived continuous scan sessions are automatically deleted after 30 days.