Get a demo
AppSec with Zero Noise Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo
Support
Invicti Enterprise Settings

Data Encryption, Storage, and Retention

This document is for:
Invicti Enterprise On-Demand, Invicti Enterprise On-Premises

This article explains how Invicti Enterprise encrypts and stores data. It also shows you how to configure the retention period for raw scan files and scan data.

Encryption and data storage

Invicti Enterprise On-Premises

Invicti Enterprise On-Premises encrypts and decrypts sensitive data by using AES encryption. For encryption, Invicti uses a secret key that is randomly generated during a new installation (since v2.2). You are prompted to download and store your secret key during installation, as you cannot access this key again in Invicti Enterprise On-Premises. For more information, including how to generate a new secret key, refer to Encryption Settings.

Invicti Enterprise On-Demand

Invicti Enterprise On-Demand utilizes the following security measures:

  • Data transfers, data at rest, and backups are encrypted with TLS 1.2, SSL certificates and 256-Bit AES.
  • Secure data disposal procedures, including but not limited to using secure erase commands, degaussing, and crypto shredding of data when required. Invicti’s procedures follow industry standards, such as NIST 800-88 or ISO 27001 recommendations.
  • User account passwords are stored as salted hash values as defined in RFC 2898. PBKDF2 with HMAC-SHA256 is used as the hashing algorithm, and the salt length is 128-bit.
  • AWS S3 buckets use Server-Side Encryption with Amazon S3-Managed Keys (SSE-S3).

Retention policies

One of the ways to control accumulated data in Invicti Enterprise is to set an expiry date for data. There are two different retention policies in Invicti Enterprise:

  • Raw scan files created by the Agent 
  • Deletion of this information does not affect future scheduled scans or the reports displayed in the web application.
  • Deletion of this information implies that you will no longer be able to download scan data via the UI, but the reports, reported vulnerabilities, and ancillary information will still be shown.
  • Scan data related to a scan
  • Deletion of this data will remove any data related to the scan from the web application database and from the Agent machine.
  • Reports, reported vulnerabilities, and indeed any information related to the scan will no longer be available.

How to configure data retention for raw scan files or scan data

  1. Log in to Invicti Enterprise.
  2. Select Settings > General from the left-side menu.

  1. In the Data Retention Settings section, enable the checkbox next to:
  • Configure retention period for raw scan files
  • Configure retention period for scan data

This will expose the slider control to specify the desired retention period.

  1. Click and drag the slider to adjust the retention period(s) according to your preference.

  1. Click Save at the bottom of the page.

The data retention period you specified is now set.

Top Articles

What is Invicti?

Overview of Scan Policies

Scheduling Scans

Managing Integrations

Built-In Reports

Invicti Help Center

Our Support team is ready to provide you with technical help.

Go to Help Center This will redirect you to the ticketing system.