MoveDiscoveryIncident (IncidentXml, Location, RemoveFile, DaysKeepActiveFiles, QuarentineMsg)

This routine moves the file pointed to by the incident into a folder.

The file is moved by copying it to the destination folder, then overwriting the original file with a text message.

Alternatively, the file can be copied (rather than moved).

Before the file is copied or moved, its last access is checked; the file is not moved if it was accessed within the number of days given by DaysKeepActiveFiles.

Table 1. Parameters

Parameter            Type     Description
IncidentXML          Unicode  The path of the incident XML file
Location             Unicode  Destination folder to which to move or copy the file
RemoveFile           bool     If True, the original file is moved. If False, the original file is copied.
DaysKeepActiveFiles  Int      Don’t move the file if it was accessed within this number of days.
QuarantineMsg        str      A string which will replace the original file.
                              Make sure the file is formatted appropriately. For example, to use Unicode, encode it as UTF-8 or UTF-16 with BOM.
                              The file will always have a “.txt” extension, so make sure it can be opened in Notepad.

Returns

None

Example

>>> DiscoveryIncidentProcessing.MoveDiscoveryIncident(r'C:\Temp\5371106770671816417.xml',r'C:\Temp',False,0,'')
2017-07-21 16:03:16,365 root Debug Processing C:\Temp\5371106770671816417.xml move file 0
2017-07-21 16:03:16,742 root Debug Moving \\10.4.228.150\DiscoveryTarget\TestFile.txt to C:\Temp
2017-07-21 16:03:16,786 root Debug Creating C:\Temp\10.4.228.150\DiscoveryTarget
>>>