Cisco Firepower Management Center 4000
FireSIGHT System User Guide

Chapter 50      Managing System Policies
  Configuring a System Policy
If the number of events in the intrusion event database exceeds the maximum, the oldest events and packet files are pruned until the database is back within the event limits. See  for information about generating automated email notifications when events are automatically pruned.

For information on manually pruning the discovery and user databases, see .

In addition, you can configure an email address that will receive notifications when intrusion events and audit records are pruned from the database.

To configure the maximum number of records in the database:

Access: Admin

Step 1
Select System > Local > System Policy.
The System Policy page appears.

Step 2
You have the following options:
  • To modify the database settings in an existing system policy, click the edit icon next to the system policy.
  • To configure the database settings as part of a new system policy, click Create Policy.
    Provide a name and description for the system policy as described in , and click Save.
In either case, the Access Control Preferences page appears.

Step 3
Click Database.

Table 50-2 Database Event Limits (continued)

| Event Type | Upper Event Limit | Lower Event Limit |
|---|---|---|
| connection summaries (aggregated connection events) | 10 million (DC500, DC1000, virtual Defense Center); 50 million (DC750); 100 million (DC1500, DC3000); 500 million (DC3500) | zero (disables storage) |
| correlation and compliance white list events | 1 million | one |
| malware events | 10 million | 10,000 |
| file events | 10 million | zero (disables storage) |
| health events | 1 million | zero (disables storage) |
| audit records | 100,000 | one |
| remediation status events | 10 million | one |
| the white list violation history of the hosts on your network | a 30-day history of violations | one day’s history |
| user activity (user events) | 10 million | one |
| user logins (user history) | 10 million | one |
| rule update import log records | 1 million | one |