The Sentinel UI also shows Incident data older than the Workspace Retention period, but you will see an Informational warning like this below, as only a small subset of Incident data is stored outside the workspace, so its only usable to visually look at/filter on (if you need the detail increase the retention as mentioned above).
"Investigation cannot be used to investigate this incident because some of the data related to this incident is no longer stored."
