Onboarding Mode Settings
You can access Onboarding Mode settings through the Settings section in the main navigation menu. Select the Onboarding Mode tab to view and configure these options.
Default Configuration
Event Expiry
| Severity | Default Expiry Time |
|---|---|
| Low | 30 minutes |
| Medium | 30 minutes |
| High | 60 minutes |
| Critical | 90 minutes |
Snapshot Settings
| Setting | Configuration |
|---|---|
| Status | Enabled for NFS and SMB |
| Snapshot Quota | 500 |
Snapshot Expiry
| Severity | Expiry After Event Closure |
|---|---|
| Low | 24 hours |
| Medium | 48 hours |
| High | 72 hours |
| Critical | 7 days |
Protection Settings
| Setting | Default Value | Modifiable During Onboarding |
|---|---|---|
| Lockout | Disabled | No |
| Auto-learning | Enabled | No |
Advanced Configuration
Snapshot Management
Snapshot Quota
The snapshot quota limits the maximum number of snapshots the system maintains.
When you reach this limit, the system stops creating new snapshots until existing ones expire or you delete them. This may impact your recovery capabilities during security events.
Critical Path Snapshots
Critical Path Snapshots protect essential directories with automatic snapshots regardless of user access. This feature safeguards important cluster data during security events.
Advanced Severity Settings
Advanced Severity Levels control how the system categorizes and responds to events.
These settings remain locked by default to maintain system stability. Modifying them incorrectly can lead to false positives or missed security events.
Related Resources
- For information on how Onboarding Mode works, see Understanding Onboarding Mode
- For steps to exit Onboarding Mode, see Exiting Onboarding Mode