Defend stores email metadata, which is used for reports and dashboards in the console.
The data stored for an email that has been analyzed by Defend includes:
- Recipient To
- From
- To
- CC
- Reply To
- MailFrom
- Timestamp
- Subject
- Sender Header
- Authentication details (DMARC, DKIM, SPF)
- Sender Location
- Message ID
- Attachment filenames
- Host of URLs
- Time of links clicked
- Any banners displayed to the user
- Defend Score
Retention
All data is stored for 40 days before being removed from Defend. If enabled, data feeds into Human Risk Management (HRM) and is stored for 18 months.
Data Security
Defend uses AWS data centers accredited to ISO 27001 / 900. All data is stored in the database and encrypted to AES256.