What is the minimum value for the Payload Index Retention setting in QRadar?

The minimum value for the Payload Index Retention setting in QRadar is 1 day. This setting determines how long QRadar retains the payload index for events collected by the system. The payload index stores the full payload data associated with event logs, which can be critical for in-depth analysis and forensics of security incidents.

Choosing a minimum value of 1 day allows QRadar to efficiently manage storage resources while still providing a short-term window for reviewing detailed event data. This setting is particularly important in environments where storage capacity is limited or where data retention policies dictate the minimum requirements.

Longer retention periods, such as the other values provided, may be utilized based on organizational needs or compliance requirements, but the fundamental baseline that QRadar supports starts at 1 day. This ensures that even if detailed data gathering isn't retained for long, some record is always available for at least a short term of one day, allowing for immediate incident investigations and analyses.