Forensics Rules
Table of Contents
4.2 (EoS)
Expand all | Collapse all
-
- Set Up the Endpoint Infrastructure
- Activate Traps Licenses
-
- Endpoint Infrastructure Installation Considerations
- TLS/SSL Encryption for Traps Components
- Configure the MS-SQL Server Database
- Install the Endpoint Security Manager Server Software
- Install the Endpoint Security Manager Console Software
- Manage Proxy Communication with the Endpoint Security Manager
- Load Balance Traffic to ESM Servers
-
- Malware Protection Policy Best Practices
- Malware Protection Flow
- Manage Trusted Signers
-
- Remove an Endpoint from the Health Page
- Install an End-of-Life Traps Agent Version
-
-
- Traps Troubleshooting Resources
- Traps and Endpoint Security Manager Processes
- ESM Tech Support File
-
- Access Cytool
- View the Status of the Agent Using Cytool
- View Processes Currently Protected by Traps Using Cytool
- Manage Logging of Traps Components Using Cytool
- Restore a Quarantined File Using Cytool
- View Statistics for a Protected Process Using Cytool
- View Details About the Traps Local Analysis Module Using Cy...
- View Hash Details About a File Using Cytool
Forensics Rules
Forensics management rules enable you collect
forensics data captured by Traps from a central location. From the PoliciesForensicsManagement page, you can create
rules to manage the following forensics settings:
Agent Settings Rules | Description |
|---|---|
Memory dump settings | Specify files settings including a size
for the memory dump and enable Traps to send the memory dump to
the server automatically. This setting only applies to data collected
from prevention events related to protected processes. For more information,
see Define Memory Dump Preferences. |
Forensics collection | Enable Traps to collect forensic data for
each security event including which files were accessed, modules
that were loaded into memory, URIs that were accessed, and ancestor
processes of the process that triggered the security event. For
more information, see Define Forensics Collection Preferences. |