Add or Remove Legal Hold to Snapshot
Users who are assigned the Data Security role can add legal hold on existing snapshots to preserve them for legal purposes. Legal hold snapshots cannot be deleted until the legal hold is removed. Legal hold can be added to unlocked and DataLocked snapshots. Cohesity recommends that the data security user enables Legal Hold for business-critical workloads after a ransomware attack is confirmed.
You can add a legal hold to the snapshots of object protection runs.
Currently, Cohesity supports the following:
-
Legal hold on single run of a single object (both UI and API),
-
Legal hold on multiple runs of a single object (API only),
-
Legal hold on multiple runs of multiple objects (API only).
Legal hold prevents snapshots from being deleted until the legal hold is removed.
Using legal hold for long periods of time may result in the cluster running out of space.
To add a legal hold for the backup targets in a protection run:
-
In DataProtect as a Service, under Sources, find the required source and click on it.
-
Under Activity, click a protection run.
-
Click the Actions menu () and select Add Legal Hold. This option is enabled only if you have the Data Security role assigned. Users assigned with other roles can only view the Legal Hold status.
-
The snapshot details are displayed in the Add Legal Hold window. Click Save.
To remove legal hold from the backup targets in a protection run:
-
In DataProtect as a Service, under Sources, find the required source and click on it.
-
Under Activity, click a protection run.
-
Click the Actions menu () and select Remove Legal Hold.
-
The snapshot details will be displayed in the Remove Legal Hold window. Click Save.
To filter the legal hold enabled protection runs:
-
In DataProtect as a Service, under Sources, find the required source and click on it.
-
In the Task Status drop-down, select Legal Hold. The protection runs for which legal hold is enabled will be displayed.