This capability is supported on Windows
endpoints with Traps 6.1 and later releases.
investigation you want to retrieve files from one or more Windows
endpoints, you can initiate a file retrieval request from Traps
For each file retrieval request, Traps
management service supports up to:
200MB in total size
10 different endpoints
The request instructs
the agent to locate the files on the endpoint and upload them to
Traps management service. The agent collects all requested files
into one archive and includes a log in JSON format containing additional
status information. When the files are successfully uploaded, you
can download them from the Actions Tracker.
You can also
retrieve files related to a security event using the Retrieve Files response
To retrieve files from one or more endpoints:
From Traps management service, select
If needed, filter the list of endpoints.
To reduce the number of results, use
the endpoint name search and filters from the
at the top of the page.
Select the endpoints from which you want to retrieve
files and then select the retrieve files (
Enter the paths for the files you want to retrieve, pressing
each completed path.
also paste a list of paths from a file that contains each path on
a new line. To edit a path, double click it.
To track the status of a file retrieval action, view the
. Traps management service retains retrieved
files for up to one week.