cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Highlighted
LuisJavier
LuisJavier
Level 8
Report Inappropriate Content
Message 1 of 3
4 weeks ago

Delete data source events from ELM

Hi, 

I want to delete some events from the ELM of a certain data source and, if possible, from a certain data range.

I've been looking and the only thing close to what I want is this from 2014: https://community.mcafee.com/t5/Security-Information-and-Event/What-happens-with-events-when-you-del...

It says that when you delete a data source, the events in the ELM are no longer searchable. It's not quite I want but close, and since it's an old post, I ignore if it still working like that.

I also thought about changing the retention pool of the data source and make it shorter, to delete only old events, but I don't know if that would work and If it can be done in a single data source without affecting other data sources. 

Any ideas?

Labels (2)
Labels
0 Kudos
Reply
2 Replies
McAfeeSIEM_Eric
McAfeeSIEM_Eric
Level 9
Report Inappropriate Content
Message 2 of 3
3 weeks ago

Re: Delete data source events from ELM

LuisJavierReport,

Either option you use will not actually delete the information, it will mark it as available space. This works similar to how windows deletes information. If you would like to suggest this as a feature for the ELM please submit the product idea:

https://community.mcafee.com/t5/Enterprise-Customer-Product/idb-p/business-ideas

If you need this information deleted from the ELM you could work through Professional Services to have this accomplished.

 

Thank You,
Eric
Reply
Dimm
Dimm
Level 9
Report Inappropriate Content
Message 3 of 3
3 weeks ago

Re: Delete data source events from ELM

Try to connect to the ELM via SFTP. I didn't test deletion but "Delete" button is actually available to click in WinSCP. You just have to find specific file with logs you want to delete, be careful to no delete something you (or compliance) need.

0 Kudos
Reply
More McAfee Tools to Help You
  • Subscription Service Notification (SNS)
  • How-to: Endpoint Removal Tool
  • Support: Endpoint Security
  • eSupport: Policy Orchestrator

    • Community Help Hub

      New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

    • Find Forum FAQs
    • Learn How to Earn Badges
    • Ask for Help
    Go to Community Help

    Join the Community

      Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

    • Get helpful solutions from McAfee experts.
    • Stay connected to product conversations that matter to you.
    • Participate in product groups led by McAfee employees.
    Join the Community
    Join the Community


    Corporate Headquarters
    2821 Mission College Blvd.
    Santa Clara, CA 95054 USA

    Consumer Support   |   Enterprise Support   |   McAfee.com

    Legal   |   Privacy   |   Copyright © 2019 McAfee, LLC