Change the Forensic Folder Destination Using the ESM Console

To allow you to further troubleshoot or analyze security events, such as a prevention or crash, Traps uploads the forensic data to a web-based forensic folder. During installation of the ESM Console, the installer enables the Background Intelligent Transfer Service (BITS), which uses idle network bandwidth to upload the data to the forensic folder.
To analyze a security event, create an action rule to retrieve the forensic data from the endpoint (see Manage Data Collected by Traps). When Traps receives the request to send the data, it copies the files to the forensic folder (also referred to in the Endpoint Security Manager as the quarantine folder), which is a local or network path that you specify during the initial installation.
You can change the path of the forensic folder at any time using the Endpoint Security Manager or using the DB Configuration Tool (see Change the Forensic Folder Destination Using the DB Configuration Tool). All endpoints must have write permission to this folder.
  1. Select Settings > ESM > Settings.
  2. In the Server Configuration area, enter the web-based URL in the Forensic Folder URL field to use BITS to upload forensic data.
    To encrypt forensic data, we strongly recommend that you use SSL to communicate with the forensic folder. To use SSL, include the fully qualified domain name (FQDN) and specify port 443, for example HTTPS://ESMserver.Domain.local:443/BitsUploads. If you are not using SSL, specify port 80, for example http://ESMSERVER:80/BitsUploads.
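
A pre-check for the value entered in the Forensic Folder URL field, written as an added example (not Palo Alto Networks code): it flags URLs that depart from the SSL form shown in step 2. The function name and finding codes are hypothetical, the expected ports come from the two example URLs above, and the sample URLs are constructed.

```python
from urllib.parse import urlsplit

# Port each scheme should carry, taken from the two example URLs on this page.
EXPECTED_PORT = {"https": 443, "http": 80}


def check_forensic_url(url):
    """Return (code, message) findings; an empty list means the URL follows the SSL guidance."""
    try:
        parts = urlsplit(url.strip())
        port = parts.port  # raises ValueError on a non-numeric or out-of-range port
    except ValueError:
        return [("MALFORMED", "URL or port could not be parsed")]
    scheme, host = parts.scheme, parts.hostname or ""  # urlsplit lowercases both
    if scheme not in EXPECTED_PORT:
        return [("SCHEME", f"expected http or https, got {scheme!r}")]
    findings = []
    if not host:
        findings.append(("HOST", "no server name in URL"))
    if scheme == "http":
        findings.append(("PLAINTEXT", "forensic data would be uploaded without SSL"))
    elif host and "." not in host.strip("."):
        findings.append(("NOT_FQDN", f"{host!r} is not a fully qualified domain name"))
    if port is None:
        findings.append(("PORT_MISSING", f"specify port {EXPECTED_PORT[scheme]} explicitly"))
    elif port != EXPECTED_PORT[scheme]:
        findings.append(("PORT_MISMATCH",
                         f"{scheme} with port {port}; expected {EXPECTED_PORT[scheme]}"))
    if parts.path in ("", "/"):
        findings.append(("NO_FOLDER", "no upload folder path such as /BitsUploads"))
    return findings


if __name__ == "__main__":
    samples = [  # constructed inputs, including both examples from the page
        "HTTPS://ESMserver.Domain.local:443/BitsUploads",
        "http://ESMSERVER:80/BitsUploads",
        "https://ESMSERVER/BitsUploads",
        "https://esm.example.internal:80/",
    ]
    for url in samples:
        result = check_forensic_url(url)
        print(url, "->", [code for code, _ in result] or "OK")
```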