Manage evidence collection Skip Navigation

Manage evidence collection

You can customize how data exfiltration events are collected in
CylanceAVERT
. Data collection settings allow you to configure the evidence that you want to be collected during a data exfiltration event for auditing purposes. By configuring data collection settings, you can make decisions such as including file snippets of the exfiltration event, saving full copies of the files involved in the exfiltration event, managing uploads to the evidence locker, selecting times for file uploads, and specifying the length of time data evidence should be retained.
  1. In the management console, on the menu bar, click
    Settings > Information Protection
    .
  2. Click the
    Data Collection
    tab.
  3. Perform any of the following to configure information protection settings:
    Item
    Steps
    File Snippets
    Click the
    Generate File Snippets
    toggle to turn on or off file snippet collection. When
    Generate File Snippets
    is turned on, a file snippet of the data exfiltration event will be saved in the events details. By default,
    Generate File Snippets
    is set to off.
    Evidence File Collection
    • Click the
      Enable evidence file collection
      toggle to turn on or off evidence file collection. By default,
      Enable evidence file collection
      is set to off. When
      Enable evidence file collection
      is turned on, a full copy of the files involved in a data exfiltration event will be saved in the event details. See Viewing CylanceAVERT event details for more information.
    • Click the
      Disk space
      text field and enter a value to specify the maximum amount of free disk space that you can allocate to caching evidence files on remote devices or evidence locker. By default,
      Disk space
      is set to 10%.
    File Upload
    Click the
    File Upload Method
    drop-down menu and select a method. By selecting
    Direct
    , devices on your network will be able to upload files directly to your evidence locker. If direct access to your evidence locker is blocked (for example, by your firewall),
    BlackBerry
    will upload the files through its cloud by selecting
    BlackBerry Proxy Service
    . By default,
    Direct
    is selected.
    Evidence File Retention
    Click the
    Data retention
    drop-down menu and select the length of time you would like evidence files to be stored in your evidence locker. The values for the length of time that evidence files can be stored is 30, 60, or 90 days. By default,
    Data retention
    is set to 30 days.