Exporting incidents to a file
Administrator Help | TRITON AP-DATA | Version 8.3.x
To export incidents to a log file for analysis:
1. Select Settings > General > Incident Export.

2. Complete the fields as follows:

   Export incidents to a file
      Select this check box to set up your incident export.

   Path
      Browse to the location where the incident report will be saved, e

   File name
      Type the name of the incident export file. The name must be fewer than 180 characters. File names cannot include the following characters:
      /:*?\"\\<|>;,&%@#!^&$%()+'=~`{}

   Maximum number of files
      Use the arrows to choose the maximum number (1 to 20) of log files you want to keep.

   New file creation
      Indicate how often you want to create a new incident export file.

      When file size reaches
         Click this option and select a file size (1 to 5 MB) to create a new incident report file when the old file exceeds the specified size.

      At the start of a new day
         Click this option to create a new incident log file at 12:00 a.m. every day.

3. Click OK to save your changes.
Listed below are the fields that are exported and a description of their contents.
Incident ID
   External incident ID.

Insert date
   The incident insert date.

Source hostname
   The incident source hostname.

Source IP
   The incident source IP address.

Source full name
   The incident source full name.

Source email
   The incident source email address.

Source DN
   The distinguished name (DN) of the incident source. A DN is the name that uniquely identifies the entry in the directory. It is made up of attribute=value pairs separated by commas.

Destinations list
   A list of the incident's destinations, in the format dest1;dest2;dest3…

Channel name
   The channel name.

Max action taken
   A readable action taken (e.g., Blocked, Audited).

Urgency
   The incident's urgency, sometimes called sensitivity (e.g., Moderate).

Policy category
   The policy category for the current line (an incident can generate multiple export lines).

Filenames
   The filename or filenames related to the current incident policy, up to 1024 characters, in the format [fn1;fn2;…;fnX].

Filenames trimmed
   True if the actual value of the Filenames field is longer than 1024 characters.
   Note that in a few cases you do not get the actual file name. For example, for some SMTP incidents the filename may appear as MESSAGE-BODY.

Breached contents
   The breached content of the incident for the current policy, up to 1024 characters, in the format [content1;content2;…;contentX].

Breached content trimmed
   True if the actual size of the Breached contents field is more than 1024 characters.
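The field list above describes what is exported but not how a line is delimited on disk, and it carries three details that matter when the file is fed into a SIEM or a triage script: list-valued fields use ';' separators (Filenames and Breached contents additionally wrapped in square brackets), the two "trimmed" flags mean the 1024-character cap has hidden part of the evidence, and one incident can spread across several lines. The following Python is an added example, not Forcepoint code or part of this help page. It assumes one tab-delimited record per line with the fields in the documented order and the trimmed flags exported as the strings True/False; the tab delimiter is an assumption chosen because the Source DN contains commas. The sample export lines are constructed for the example.

```python
"""Parse and regroup TRITON AP-DATA incident export lines.

Added example (not Forcepoint code). The help page documents the exported
fields and the layout of the list-valued ones, but not how fields are
delimited on a line. This example ASSUMES one tab-delimited record per line,
fields in the documented order, and "True"/"False" for the trimmed flags.
Check those assumptions against a real export before relying on it.
"""
import csv
import io
from collections import OrderedDict

# Documented field order (assumed to match the on-disk order).
FIELD_ORDER = [
    "incident_id", "insert_date", "source_hostname", "source_ip",
    "source_full_name", "source_email", "source_dn", "destinations",
    "channel_name", "max_action_taken", "urgency", "policy_category",
    "filenames", "filenames_trimmed", "breached_contents",
    "breached_contents_trimmed",
]

# The page says some SMTP incidents report this instead of a real file name.
PLACEHOLDER_FILENAMES = {"MESSAGE-BODY"}


def parse_semicolon_list(value, bracketed=False):
    """Split 'a;b;c' (or '[a;b;c]' when bracketed) into a list.

    Caveat: an item that itself contains ';' cannot be told apart from two
    items, because the documented format has no escaping.
    """
    v = value.strip()
    if bracketed and v.startswith("[") and v.endswith("]"):
        v = v[1:-1]
    return [item for item in v.split(";") if item != ""]


def parse_flag(value):
    """Trimmed flags are assumed to be exported as the strings True/False."""
    return value.strip().lower() in {"true", "1", "yes"}


def parse_record(line, delimiter="\t"):
    """Turn one export line into a dict keyed by FIELD_ORDER."""
    # csv copes with a quoted field; the DN contains commas, so a comma
    # delimiter would need quoting, which is why tab is assumed here.
    fields = next(csv.reader(io.StringIO(line), delimiter=delimiter))
    if len(fields) != len(FIELD_ORDER):
        raise ValueError(
            "expected %d fields, got %d" % (len(FIELD_ORDER), len(fields)))
    rec = dict(zip(FIELD_ORDER, fields))
    rec["destinations"] = parse_semicolon_list(rec["destinations"])
    rec["filenames"] = parse_semicolon_list(rec["filenames"], bracketed=True)
    rec["breached_contents"] = parse_semicolon_list(
        rec["breached_contents"], bracketed=True)
    rec["filenames_trimmed"] = parse_flag(rec["filenames_trimmed"])
    rec["breached_contents_trimmed"] = parse_flag(rec["breached_contents_trimmed"])
    # Analyst caveats derived from the documented 1024-character cap and the
    # MESSAGE-BODY placeholder: a trimmed line does not list everything.
    rec["incomplete"] = rec["filenames_trimmed"] or rec["breached_contents_trimmed"]
    rec["has_real_filename"] = any(
        f not in PLACEHOLDER_FILENAMES for f in rec["filenames"])
    return rec


def parse_export(text, delimiter="\t"):
    """Parse every non-empty line of an export file's contents."""
    return [parse_record(l, delimiter) for l in text.splitlines() if l.strip()]


def group_by_incident(records):
    """The page notes one incident can generate multiple lines (each with its
    own policy category); regroup them so the whole incident is seen at once."""
    groups = OrderedDict()
    for rec in records:
        groups.setdefault(rec["incident_id"], []).append(rec)
    return groups


# Constructed sample: two lines for the same incident, the second with its
# breached content trimmed at the 1024-character cap.
SAMPLE_EXPORT = "\n".join([
    "\t".join([
        "12345", "2016-05-10 14:02:17", "WS-042", "10.1.2.3", "Jane Doe",
        "jane.doe@example.com", "CN=Jane Doe,OU=Finance,DC=example,DC=com",
        "partner@example.net;archive@example.org", "SMTP", "Blocked", "High",
        "PCI", "[q2-cards.xlsx;MESSAGE-BODY]", "False",
        "[4111111111111111;4012888888881881]", "False",
    ]),
    "\t".join([
        "12345", "2016-05-10 14:02:17", "WS-042", "10.1.2.3", "Jane Doe",
        "jane.doe@example.com", "CN=Jane Doe,OU=Finance,DC=example,DC=com",
        "partner@example.net;archive@example.org", "SMTP", "Blocked", "High",
        "PII", "[q2-cards.xlsx]", "False", "[078-05-1120;219-09-9999]", "True",
    ]),
])

if __name__ == "__main__":
    for inc_id, lines in group_by_incident(parse_export(SAMPLE_EXPORT)).items():
        cats = [l["policy_category"] for l in lines]
        flag = " (some content trimmed)" if any(l["incomplete"] for l in lines) else ""
        print("incident %s: %s, policies %s%s" % (
            inc_id, lines[0]["max_action_taken"], ", ".join(cats), flag))
```

When a line's trimmed flag is set, the export is no longer a complete record of what was found; the full evidence has to be pulled from the incident itself in the management console rather than inferred from the file. Likewise, a Filenames value of MESSAGE-BODY is a placeholder, not an attachment name, so automated rules keyed on file names should treat it as "no real file name available".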
Copyright 2016 Forcepoint LLC. All rights reserved.