Reviewing threat-related forensic data
When an administrator selects an incident on the page that includes forensic data, the Forensic Data area below the table is populated with details about the attempted file transfer. Forensic details include:

Field | Description |
---|---|
Source | The user or IP address making the request. |
Destination | The IP address of the target machine. |
Incident ID | The Forcepoint DLP ID number associated with the incident. Can be used to further investigate the incident in the Data module of the Security Manager. This feature requires either the DLP Module or Forcepoint DLP. |
Files | The name and size of the file or files associated with the incident. The file name is a link that can be used to open the actual file. Warning: Use caution when opening a captured file. The file might contain malware that could infect the machine used for investigation. The file could also contain sensitive data. |
Parameters and Body | Shows CGI parameters and HTML body details for the request used to send or retrieve the file. The number of parameters and the details included in the body of the request may vary widely from incident to incident. |