Use the evidence locker to view exfiltration event details
When a file in your file inventory is involved in a data exfiltration event, it is stored and encrypted in the
AWSinstance using different keys for each tenant, and it is added to the evidence locker. You can view or download the files involved in exfiltration events from the evidence locker.
- In the management console, on the menu bar, clickAvert > Evidence Locker.The evidence locker displays a list of all the files in your organization that have been involved in a data exfiltration event. The following table explains the information that is in the Evidence Locker list:ItemDescriptionTime AddedThis is the time the file was added to the evidence locker.File NameThis is the name of the file involved in an exfiltration event.File SizeThis is the size of the file involved in an exfiltration event.Associated EventsThese are the exfiltration events that the file is associated with. You can click on the number to see more details.DownloadYou can click this to download the full file involved in the exfiltration event. Evidence files are downloaded as a compressed .gz file. You will need a utility tool, such as 7zip, to decompress the files and view them.
- Click on the number in the associated events column to view theCylanceAVERTevents.
- To filter the time added, file name, or file size columns, click in the column heading.