Is there a time or size limit on the Panther Data Replay feature?
Is there a limit on the amount of data that can be replayed using the Data Replay feature? Are there size limitations on the data?
You can choose to limit the data set of your replay by time or by data size (GB). The farthest you can go back to replay data is 14 days* and the largest set of data that can be replayed is 20GB.
The time limit for Data Replay data is within the past 14 days. Data ingested and processed by Panther within the last 24 hours may not yet be available.
In the below image, the screenshot was taken on May 25th, 2023. Data processed within the previous 24 hours from the screenshot may not be available for Replay, and data from May 10th may not be complete, as that would be on the cusp of data retention for Data Replay purposes. The data used for Data Replay when selecting large time ranges, will be the most recent available <=20GB within the time range selected.
The total size limit for events processed by data replay is 20 GB. Using the Data Size Selector, you can choose between 1GB, 5GB, 10GB, 15GB, and 20GB. Choosing a smaller set of data will allow your Data Replay run to complete faster.
When selecting by size, the most recent available 1/5/10/15/20 GB of data will be replayed.