5.6.15. Web UI `Admin-NDR configuration` screen

After pressing the `NDR configuration` command from the `Admin` menu, the following screen is displayed.

This screen enables:

Activating the functions:

`Assets and users tracking`

`Relationship tracking`

Setting up elasticsearch data retention:
- Activating the function `Synchronize NDR boards with Elasticsearch retention`
- Changing the value of the retention time

The `NDR configuration` screen contains the following sections:

Item	Name
1	FEATURES button: activates the display of the following parameters
2	`Assets and users tracking` selector: enable tracking active assets, users, and process risks associated with each entity
3	`Relationship tracking` selector: enables the tracking of relationships between active devices and displays these relationships
4	`RETENTION PERIOD` button: activates the display of the following parameters
	`Synchronize NDR boards with elasticsearch retention` selector: enables synchronizing NDR dashboards with data in Elasticsearch (see text below the table)
	`Retention period` field: indicates the length of time alerts, users, and equipment data will be retained on disk

Function `Synchronize NDR boards with elasticsearch retention`:

The NDR database stores metadata about the alerts displayed in the dashboards (`Alerts`, `Assets`, `Users`, etc.), while Elasticsearch (Hunting) stores details about them.

Enabling this feature activates the synchronization of NDR dashboards with the data available in Elasticsearch.

Disable this feature to continue to display alerts in NDR dashboards that are no longer stored in Elasticsearch. In this case, the alerts are available but the details cannot be displayed.

The retention time of Elasticsearch depends on the maximum space allocated in GB to store the logs (see `Admin-GCenter-Configuration` screen of the legacy web UI).

Therefore, the data retention period in elasticsearch depends on the amount of logs generated by the GCaps.