After how many days are detections removed from CrowdStrike?

Detections in CrowdStrike are retained for a period of 90 days before they are automatically removed from the system. This policy ensures that the data is available for a sufficient duration to allow security teams to conduct thorough investigations, analyze trends, and respond to potential threats appropriately. By retaining detections for 90 days, organizations can benefit from historical data when assessing the effectiveness of their security measures and improving incident response plans.

The choice of 90 days aligns with common practices in the cybersecurity industry, where maintaining a balance between data retention for analysis and practical data management considerations is crucial for operational efficiency.