Is there a limit on the amount of data that can be replayed using the Data Replay feature? Are there size limitations on the data?
Data Replay can only process data from within the past 30 days, and the data must be older than 24 hours.
The total size limit for events processed by Data Replay is ~20 GB.
You can check the approximate size of the data by running the following query against panther_monitor.public.data_audit:
SELECT
    SUM(s3objectsize) AS approx_query_size,
    p_source_label
FROM panther_monitor.public.data_audit
WHERE p_occurs_between('2022-08-01', '2022-08-08')
    AND p_source_label = ('your AWS account')
GROUP BY p_source_label
Because this query can only filter by log source (the integration that feeds in your logs) rather than by log_type (e.g., AWS CloudTrail logs), you will need to pick the sources from which you will be pulling data for replay. For a connected cloud account, the source label is the name that you gave that connected AWS account.