Forensics Rules

Forensics management rules enable you collect forensics data captured by Traps from a central location. From the PoliciesForensicsManagement page, you can create rules to manage the following forensics settings:
Agent Settings Rules
Description
Memory dump settings
Specify files settings including a size for the memory dump and enable Traps to send the memory dump to the server automatically. This setting only applies to data collected from prevention events related to protected processes. For more information, see Define Memory Dump Preferences.
Forensics collection
Enable Traps to collect forensic data for each security event including which files were accessed, modules that were loaded into memory, URIs that were accessed, and ancestor processes of the process that triggered the security event. For more information, see Define Forensics Collection Preferences.

Related Documentation