Skip to main content

Quarantined Events

Andrew Gross
Updated

Overview

A Quarantined Event is an event captured by Nuclei that could not be delivered to at least one configured downstream archive destinations. The event remains safely stored on Nuclei but will not be archived without manual action.

The most common reason for an event becoming quarantined is it being too large to be ingested. The combined size of the event’s media or attachments exceeds the ingestion limits imposed by the downstream archive.

 

How to Resolve a Quarantined Event

Per-Event Review

1. Review event details

Open the event in Nuclei by either finding it on the Conversations page or by navigating via an event link in a Reconciliation Report.

 

2. Choose a remediation path

Option

When to use it

Steps

Raise ingestion limits with the archive

The event must be delivered to the downstream archive and cannot simply stay with Nuclei.

1. Contact your archive vendor.

2. Request an increased per-event size limit.

Ignore specific media during archiving

One or two files are non-critical (e.g., large video files).

1. Click excluded from archiving for an offending attachment.

Apply a Legal Hold

Compliance requires keeping the event beyond normal retention.

1. Click Apply Legal Hold.

 

Proactive Configuration Options

Nuclei supports the following configuration options on a per Connection basis. These settings can help prevent repetitive manual triage on a per-event basis.

  1. Auto-drop large media

    • Navigate to Sources > Connected Destinations and click the Settings (⛭) icon.

    • Under Anomalous Event Archiving Configuration, toggle Auto-drop large media to enable the ignoring of the largest media from an event that gets quarantined. The media will be retained under the normal event retention policies, but it will be excluded from all archiving. Quarantined events will ultimately be retried by Nuclei after media has been ignored.

  2. Auto-apply Legal Hold on size failures

    • Navigate to Sources > Connected Destinations and click the wheel symbol.

    • Under Anomalous Event Archiving Configuration, toggle Auto-apply Legal Hold on size failures to enable the auto-application of the legal hold status to events that get quarantined during archiving. These events and their media will be retained until the legal hold is lifted.

 

Frequently Asked Questions

Does quarantining affect retention?

No. Quarantined events remain on Nuclei for the full source retention period (or longer if a Legal Hold is applied).

 

What happens if the archive remains unreachable?

Events stay quarantined until successfully delivered or purged by retention policy. Use the automatic Legal Hold feature if you need to guarantee preservation beyond retention.

 

More Information

For more information on quarantined events, please contact Nuclei's Support team at support@nuclei.ai

Related articles

Comments

0 comments

Article is closed for comments.