Change the Forensic Folder Destination Using the ESM Console

To allow you to further troubleshoot or analyze security events, such as a prevention or crash, Traps uploads the forensic data to a web-based forensic folder. During installation of the ESM Console, the installer enables the Background Intelligent Transfer Service (BITS), which uses idle network bandwidth to upload the data to the forensic folder.
To analyze a security event, create an action rule to retrieve the forensic data from the endpoint (see Manage Data Collected by Traps). When Traps receives the request to send the data, it copies the files to the forensic folder (also referred to in the Endpoint Security Manager as the quarantine folder), which is a local or network path that you specify during the initial installation.
You can change the path of the forensic folder at any time using the Endpoint Security Manager or using the DB Configuration Tool (see Change the Forensic Folder Destination Using the DB Configuration Tool). All endpoints must have write permission to this folder.
  1. Select Settings > ESM > Settings.
  2. In the Server Configuration area, enter the web-based URL in the Forensic Folder URL field to use BITS to upload forensic data.
    To encrypt forensic data, we strongly recommend that you use SSL to communicate with the forensic folder. To use SSL, include the fully qualified domain name (FQDN) and specify port 443, for example HTTPS://ESMserver.Domain.local:443/BitsUploads. If you are not using SSL, specify port 80, for example http://ESMSERVER:80/BitsUploads.
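Before entering a value in the Forensic Folder URL field, it can be checked against the guidance in step 2. The script below is an added example, not part of the product or its documentation; the function names and the sample URLs other than the two quoted above are assumptions made for illustration.

```python
import ipaddress
from urllib.parse import urlsplit

def is_fqdn(host):
    """True for a dotted DNS name; False for a short name or an IP literal."""
    try:
        ipaddress.ip_address(host)
        return False
    except ValueError:
        return "." in host.strip(".")

def check_forensic_url(url):
    """Return (status, findings); status is 'encrypted', 'cleartext' or 'invalid'."""
    try:
        parts = urlsplit(url.strip())
        port = parts.port  # raises ValueError for a non-numeric port
    except ValueError as exc:
        return "invalid", [f"unparseable URL: {exc}"]
    scheme, host = parts.scheme, parts.hostname or ""  # urlsplit lower-cases both
    if scheme not in ("http", "https") or not host:
        return "invalid", ["expected http(s)://host:port/path"]
    findings = []
    if scheme == "https":
        if port != 443:
            findings.append(f"port {port}: step 2 specifies 443 for SSL")
        if not is_fqdn(host):
            findings.append(f"host '{host}' is not an FQDN, which step 2 asks for with SSL")
        return "encrypted", findings
    findings.append("forensic data is uploaded without SSL")
    if port != 80:
        findings.append(f"port {port}: step 2 specifies 80 without SSL")
    return "cleartext", findings

# The first two values are the examples from step 2; the rest are constructed.
SAMPLES = [
    "HTTPS://ESMserver.Domain.local:443/BitsUploads",
    "http://ESMSERVER:80/BitsUploads",
    "https://ESMSERVER:443/BitsUploads",
    "https://ESMserver.Domain.local:80/BitsUploads",
    "ftp://ESMserver.Domain.local/BitsUploads",
]

if __name__ == "__main__":
    for url in SAMPLES:
        status, findings = check_forensic_url(url)
        print(f"{status:9} {url}")
        for finding in findings:
            print(f"          - {finding}")
```

Only the first sample returns `encrypted` with no findings; the others are either cleartext, mismatched with the scheme and port pairing in step 2, or not a BITS upload URL at all.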
