Skip Navigation
  1. BlackBerry Docs
  2. Cylance Endpoint Security
  3. Administration
  4. Cylance Endpoint Security Administration Guide
  5. Monitoring sensitive files with CylanceAVERT
  6. Use the evidence locker to view exfiltration event details

Use the evidence locker to view exfiltration event details

When a file in your file inventory is involved in a data exfiltration event, it is stored and encrypted in the
BlackBerry
 managed
AWS
 instance using different keys for each tenant, and it is added to the evidence locker. You can view or download the files involved in exfiltration events from the evidence locker.
Evidence file collection must be enabled in the information protection settings. See Configure data collection settings for more information.
  1. In the management console, on the menu bar, click
    Avert > Evidence Locker
    .
    The evidence locker displays a list of all the files in your organization that have been involved in a data exfiltration event. The following table explains the information that is in the Evidence Locker list:
    Item
    Description
    Time Added
    This is the time the file was added to the evidence locker.
    File Name
    This is the name of the file involved in an exfiltration event.
    File Size
    This is the size of the file involved in an exfiltration event.
    Associated Events
    These are the exfiltration events that the file is associated with. You can click on the number to see more details.
    Download
    You can click this to download the full file involved in the exfiltration event. Evidence files are downloaded as a compressed .gz file. You will need a utility tool, such as 7zip, to decompress the files and view them.
  2. Click on the number in the associated events column to view the
    CylanceAVERT
     events.
  3. To filter the time added, file name, or file size columns, click The Filter column icon in the column heading.