Wondering if anyone can help. In ESM --> Monitor --> ESM --> Data Retrieval
I'm seeing large files. Wondering if anyone knows why they are so large. Some are in the 634 MB size.
At the time of a security event, Traps can report the files that were accessed, modules that were loaded into memory, URIs that were accessed, and the ancestor process of the process that triggered the security event. You can define policy rules that specify what is collected; these rules can incorporate conditions, so that different users, computers, or groups receive different settings.
Traps captures the following information at the time of a security event:
To modify the report collection settings, clone the policy and override the desired details. Overriding the default memory dump size rule allows you to reduce the disk space consumed by dumps in the event of a prevention. However, reducing this setting to any value below the default (full) could omit important forensic information.
I hope it helps.
Thanks @Willian, that response clears it up.
I noticed the default policy does a full memory dump, so I understand now how these files can be large.