Scan Data Retention and Scan Archiving
There is a default data retention setting to limit the amount of information displayed in the Acunetix user interface. This setting automatically archives some scans (and the associated vulnerabilities) so you can manage your scan results more easily.
This document explains how scan data retention and scan archiving work in Acunetix.
TIP: You can view archived scans by setting the filter on the Scans page to Archived Status > Archived.
Scan data retention and scan archiving work differently in Acunetix Online than in Acunetix On-Premises. Refer to the relevant section below according to the product you use.
Acunetix Online
Archiving and deletion of scan data in Acunetix Online depend on the type of scan being run:
- One-time scans: The last 7 good scans (completed) on a target that use the same scan profile or use a combination of the same scan profile and the Full Scan profile are retained on the scans page. All other one-time scans are archived. Any archived scans older than 400 days are automatically deleted.
- Recurrent scans: The last 7 good scans (completed) on a target are retained on the scans page. All other recurrent scans are archived. Any archived scans older than 400 days are automatically deleted.
- Continuous scans: The last 7 good scans (completed) on a target are retained. All other continuous scans are archived. Any archived scans older than 1 month are automatically deleted.
NOTE: Scan archiving is not an instant process. Scan data archiving is a background task that occurs every 12 hours in Acunetix Online.
Acunetix On-Premises
Archiving behavior in Acunetix On-Premises depends on the scan profile and type of scan that is used.
- Scan Profile: The scan data retention setting is applied to individual scan profiles, meaning that the archiving behavior begins when the number of scans using the same scan profile goes beyond the set retention number.
- Type of scan: The scan data retention setting applies to one-time scans and recurrent scans. Archiving behavior is applied to each scan type independently.
- Continuous scans: The last 7 good scans (Completed) are retained. All other continuous scans are archived. Any archived scans that are older than 1 month are automatically deleted.
Additionally, you can change the default scan data retention setting by adjusting the number of scans to retain. If you change this setting, Acunetix will retain the last scan you ran plus the number of scans you specify for scan data retention. For example, if you set the number of scans to retain as '2', then Acunetix will retain the last three scans on the Scans page and archive any older scans for that target.
The illustrative example below is intended to help explain how the scan data retention setting works with one-time and recurrent scans using various scan profiles.
Illustrative example
- Action: In Acunetix On-Premises, you set the number of scans to retain to '2'. Then you run seven scans for the same target using the cross-site scripting scan profile.
- Result: Acunetix will automatically archive the four oldest scans and retain the three most recent scans.
- Explanation: This is expected behavior because Acunetix retains the number of scans you specify, plus one.
Scans page | Archive
XSS, XSS, XSS | XSS, XSS, XSS, XSS
- Action: Now you run a new scan for the same target but use a different scan profile (for example, SQL Injection).
- Result: The number of archived scans does not change. You still have four archived cross-site scripting scans for the target.
- Explanation: This is expected behavior because the new scan uses a different scan profile. In this case, the scan archiving only applies to scans that use the same scan profile (in this example, the cross-site scripting scan profile). So on the Scans page, you will see the three most recent cross-site scripting scans and one SQL Injection scan.
Scans page | Archive
SQL, XSS, XSS, XSS | XSS, XSS, XSS, XSS
- Action: Next, you run another scan using the cross-site scripting scan profile.
- Result: The number of archived scans increases to five.
- Explanation: This is expected behavior because the new scan uses the same scan profile as the previous scans, which already exceed the data retention setting. On the Scans page, you will still see the three most recent cross-site scripting scans and one SQL Injection scan.
Scans page | Archive
XSS, SQL, XSS, XSS | XSS, XSS, XSS, XSS, XSS
- Action: Now you run a Full Scan on the target.
- Result: The number of archived scans increases to seven.
- Explanation: This is expected behavior because the Full Scan profile triggers and counts towards the archiving of scans made with any scan profile. In this illustrative example, running a full scan will archive all previous scans except for the last three scans run using any scan profile. This is because the Full Scan profile checks for all known vulnerabilities, and therefore its scan and vulnerability information is a superset of the results made with any other profile. On the Scans page, you will now see the most recent full scan, the most recent cross-site scripting scan, and the previous SQL Injection scan. These are the three most recent scans of the target.
Scans page | Archive
Full scan, XSS, SQL | XSS, XSS, XSS, XSS, XSS, XSS, XSS
NOTE: Scan archiving is not an instant process. Scan data archiving is a background maintenance task that occurs approximately every 5 minutes in Acunetix On-Premises.
Vulnerability Archiving
Vulnerabilities inherit their status from the last scan that reported the vulnerability. If that scan is archived, then the vulnerabilities will be archived as well. Once a vulnerability is archived, it usually means that it was solved and the follow-up scans are not finding it anymore. If that vulnerability is found again, then the scan which found it will show it.
Illustrative example
- Day one: You run a scan on a target and find a cross-site scripting vulnerability. You fix the vulnerability.
- Day two: You scan the target again and the cross-site scripting vulnerability is not found since it was already fixed the previous day. You set scan data retention to '2'.
- Day three: You scan the target again and the cross-site scripting vulnerability is not found since it was already fixed on day one.
- Day four: You scan the target again and the cross-site scripting vulnerability is not found since it was already fixed on day one. After this fourth scan, your first scan from day one is archived. Since the last scan in which the cross-site scripting vulnerability was found becomes archived, the vulnerability itself also becomes archived.
- Day five: You scan the target again and find the same cross-site scripting vulnerability. Now the cross-site scripting vulnerability will be visible again in your active vulnerabilities list since the latest scan that detected it is not archived.
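The two illustrative examples above, replayed as an added Python model (this is not Acunetix code and not part of the original page). It models only the two rules the examples show: counting within the same scan profile, and a Full Scan counting against scans of every profile. Assumptions: archiving is applied immediately after each scan instead of by the background task, every scan completes, and the names Scan, Target and the finding label are hypothetical.

```python
from dataclasses import dataclass, field

FULL = "Full Scan"  # its results are a superset of every other profile
@dataclass
class Scan:
    profile: str
    findings: frozenset = frozenset()  # vulnerabilities this scan reported
    archived: bool = False

@dataclass
class Target:
    retain: int  # the "number of scans to retain" setting
    scans: list = field(default_factory=list)  # oldest first

    def run(self, profile, findings=()):
        """Record a completed scan, then apply the archiving it triggers."""
        self.scans.append(Scan(profile, frozenset(findings)))
        # A Full Scan counts against scans of any profile; any other
        # profile counts only against scans made with that same profile.
        window = [s for s in self.scans if not s.archived
                  and (profile == FULL or s.profile == profile)]
        for s in window[:-(self.retain + 1)]:  # keep the setting plus one
            s.archived = True

    def profiles(self, archived):
        return [s.profile for s in self.scans if s.archived == archived]

    def vulnerability_archived(self, name):
        # A vulnerability takes the status of the last scan that reported it.
        reporters = [s for s in self.scans if name in s.findings]
        return reporters[-1].archived if reporters else None

def scan_example():
    """Seven XSS scans, then SQL Injection, XSS and Full Scan (retain = 2)."""
    t, counts = Target(retain=2), []
    for profile in ["XSS"] * 7 + ["SQL Injection", "XSS", FULL]:
        t.run(profile)
        counts.append(len(t.profiles(archived=True)))
    return counts, t.profiles(archived=False)

def vulnerability_example():
    """Days one to five; assumes every scan uses the same profile."""
    t, vuln = Target(retain=2), "constructed XSS finding"
    t.run(FULL, [vuln])  # day one: found, then fixed
    for _ in range(3):  # days two to four: not found
        t.run(FULL)
    day_four = t.vulnerability_archived(vuln)
    t.run(FULL, [vuln])  # day five: found again
    return day_four, t.vulnerability_archived(vuln)
```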
Deletion of Archived Scans
The following default settings are in place:
- Recurrent and one-time scans: Acunetix will retain archived scans and vulnerabilities for 400 days.
- Continuous scans: Archived continuous scan sessions are automatically deleted after 30 days.
In Acunetix On-Premises, you can change the Archived Data Deletion setting to any duration you prefer. For more information, refer to Configuring General Settings.