Skip Navigation

Use the evidence locker to view exfiltration event details

When a file in your file inventory is involved in a data exfiltration event, it is stored and encrypted in the
instance using different keys for each tenant, and it is added to the evidence locker. You can view or download the files involved in exfiltration events from the evidence locker.
Evidence file collection must be enabled in the information protection settings. See Configure data collection settings for more information.
  1. In the management console, on the menu bar, click
    Avert > Evidence Locker
    The evidence locker displays a list of all the files in your organization that have been involved in a data exfiltration event. The following table explains the information that is in the Evidence Locker list:
    Time Added
    This is the time the file was added to the evidence locker.
    File Name
    This is the name of the file involved in an exfiltration event.
    File Size
    This is the size of the file involved in an exfiltration event.
    Associated Events
    These are the exfiltration events that the file is associated with. You can click on the number to see more details.
    You can click this to download the full file involved in the exfiltration event. Evidence files are downloaded as a compressed .gz file. You will need a utility tool, such as 7zip, to decompress the files and view them.
  2. Click on the number in the associated events column to view the
  3. To filter the time added, file name, or file size columns, click The Filter column icon in the column heading.