Appearance
Realm.Security Data Haven:
Getting Started and Data Resupply Guide
Welcome to Realm.Security Data Haven, the feature that provides secure, long-term archival storage and rapid data resupply capabilities for your organizational logs and security data.
What does Data Haven do? The Data Haven automatically stores and protects all data ingested into the Realm platform, ensuring data longevity and providing a mechanism for selective, point-in-time data resupply to your configured destinations.
Access and Data Onboarding
Accessing the Data Haven UI
- UI Location: Data Haven is available as a new tab on your Realm platform's global navigation bar.
Data Onboarding and Storage
- Zero Configuration Onboarding: There is no manual configuration necessary for directing data to the Data Haven archive. All data sources added to the Realm platform will automatically and securely route logs and events to the Data Haven archival storage.
Configuring Resupply Destinations
Before you can resupply archived data, you must designate a Destination and an Output Feed as resupply eligible. This configuration prevents the resupplied data from mixing with your live, production data streams.
Setting Up a Resupply Eligible Output Feed
- Navigate to the Destinations Page to access the Output Feed configuration panel within the Realm platform.
- Locate and enable the configuration option on the Output Feed to make the feed resupply eligible.
We strongly recommend that users create a separate, dedicated Resupply Destination with a corresponding Resupply eligible output feed. This practice ensures absolute data separation at the destination, preventing the steady flow of production logs from mixing with archived, resupplied data sets.
How to Resupply Data from Data Haven
Types of Resupplies and Limitations
| Resupply Type | Primary Use | Data Range & Filters | Retention Limits |
|---|---|---|---|
| Type 1: IOC/Observable Resupply | Targeted security investigation, threat hunting. | Filtered by Time, Sources, and specific Normalized Observables across all ingested Sources | Data retained for the last 30, 60, or 90 days, depending on your subscription tier. |
| Type 2: Archival Resupply | Compliance, long-term forensics, regulatory audit. | Filtered by Time and Sources across the entire archived dataset. | Default 12 months retention (subscription dependent). |
IOCs/Observables available for Resupply
usernamehashemail addressurl stringfile pathhostnameip addressprocess name
Resupply Workflow Steps
- Form Completion for Narrowing your Resupply: Define the parameters to specify exactly which data subset you wish to retrieve.
- Data Gathering and Size Calculation: The system will process your request, locate the relevant archived data, and calculate the total estimated size of the data to be resupplied.
- Confirmation of Data Resupply: You must review the calculated size and confirm the request before the data transfer to your Resupply Eligible Destination begins.
Tracking Resupply Jobs
- Tracking Data Gathering: You can track your data gathering requests as the system calculates the size and prepares the data set.
- Tracking Transfer Progress: Once confirmed, you can track the progress of the data being resupplied from your archive to your destination.
Data Haven is a subscription feature available through Realm. Please contact your sales representative for detailed information regarding licensing, retention options, and subscription tiers.