Key

  • Analysis Timeout (sec): Maximum analysis timeout (seconds). When the different agents submit a transaction to be analyzed by the policy engine, they specify how much time the policy engine has to analyze it. At the end of this time, the policy engine returns the best answer it has, so the final action is based on partial analysis.
  • Extracted Text Size (MB): Assuming the transaction contains archives, the amount of text that is extracted from each file/sub-file for analysis.
  • Max Forensics Size (MB): The maximum incident forensics size. Incidents do not include forensics beyond this limit. Transactions larger than this include just metadata.
  • Max Intercepted Size (MB): The maximum content size submitted for analysis. Transactions larger than this are not sent to analysis.
  • Max Extracted Sub-Files (MB): Assuming the transaction contains archives, the total amount of data to be extracted from these archives.
  • Max Extracted Sub-Files (count): Assuming the transaction contains archives, the maximum number of sub-files that are extracted from these archives, including the archive level name.