Use the evidence locker Skip Navigation

Use the evidence locker

Evidence file collection must be enabled in the information protection settings. See Configure data collection settings for more information.
  1. In the management console, on the menu bar, click
    Avert > Evidence Locker
    .
    The evidence locker displays a list of all the files in your organization that have been involved in a data exfiltration event. The following table explains the information that is in the Evidence Locker list:
    Item
    Description
    Time Added
    This is the time the file was added to the evidence locker.
    File Name
    This is the name of the file involved in an exfiltration event.
    File Size
    This is the size of the file involved in an exfiltration event.
    Associated Events
    These are the exfiltration events that the file is associated with. You can click on the number to see more details.
    Download
    You can click this to download the full file involved in the exfiltration event. Evidence files are downloaded as a compressed .gz file. You will need a utility tool, such as 7zip, to decompress the files and view them.
  2. Click on the number in the associated events column to view the
    CylanceAVERT
    events.
  3. To filter the
    Time Added
    column, click in the column heading.