Manage evidence collection

You can customize how data exfiltration events are collected in CylanceAVERT. Data collection settings allow you to configure the evidence that you want to be collected during a data exfiltration event for auditing purposes. By configuring data collection settings, you can make decisions such as including file snippets of the exfiltration event, saving full copies of the files involved in the exfiltration event, managing uploads to the evidence locker, selecting times for file uploads, and specifying the length of time data evidence should be retained.
  1. In the management console, on the menu bar, click Settings > Information Protection.
  2. Click the Data Collection tab.
  3. Perform any of these actions to configure information protection settings:

    Item: File Snippets
    Steps: Click the Generate File Snippets toggle to turn file snippet collection on or off. When Generate File Snippets is turned on, a file snippet of the data exfiltration event is saved in the event details. By default, Generate File Snippets is set to off.

    Item: Evidence File Collection
    Steps:
    • Click the Enable evidence file collection toggle to turn evidence file collection on or off. By default, Enable evidence file collection is set to off. When Enable evidence file collection is turned on, a full copy of the files involved in a data exfiltration event is saved in the event details. See Viewing CylanceAVERT event details for more information.
    • Click the Disk space text field and enter a value to specify the maximum amount of free disk space that you can allocate to caching evidence files on remote devices or the evidence locker. By default, Disk space is set to 10%.

    Item: File Upload
    Steps: Click the File Upload Method list, and then select a method. If you select Direct, devices on your network can upload files directly to your evidence locker. If direct access to your evidence locker is blocked (for example, by your firewall), select BlackBerry Proxy Service to have Arctic Wolf upload the files through its cloud. By default, Direct is selected.

    Item: Evidence File Retention
    Steps: Click the Data retention list, and then select the length of time to store evidence files in your evidence locker. Evidence files can be stored for 30, 60, or 90 days. By default, Data retention is set to 30 days.