View CylanceAVERT event details
The following data collection settings must be enabled to view file snippets and download the full file. See Configure data collection settings for more information.
- Generate File Snippets
- Enable evidence file collection
The following permissions are required to view event information:
- View general events list
- View device names
- View user names
- View policy names
- Link to policy details
- View data entities
- View file details
- Download full file
- In the management console, on the menu bar, click CylanceAVERT > Events.
- Click a row to view more details about an event.
- In the Event Details pane, do any of the following:
- Under User details, click the user's name to be directed to the user's information page where you can view any policies, events, or devices associated with the user.
- Under Policy Violations, click on a policy to view more information about the policy that was violated.
- Under File details, click the information icon to view details about the file, including what type of file it is, the sensitive data types that were scanned, and the number of occurrences of those data types. You can click
to view snippet information about the exfiltration event. You can also click
to download the file involved in the exfiltration event. Evidence files are downloaded as a compressed .gz file. You will need a utility tool, such as 7zip, to decompress the files and view them.