08-22-2024 05:59 AM - edited 08-22-2024 05:59 AM
When I configure Forensics, at the 'Endpoints' step, it doesn't show the name of any endpoint. "Monitor and Collect Forensics Data" is enabled on Agent Settings. User role is Instance Administrator. Triage type is "Online".
08-22-2024 09:29 AM
Hello @Aristooo
Thanks for reaching out on LiveCommunity!
On the configuration page, depending on the type of Artifacts, Volatiles and File collection you choose, there may be different minimum agent versions required to perform triage. Hence, on the endpoints page, please hover your mouse over the "Eligible for forensics triage" button to see the conditions required for the eligible endpoints, as shown in the attached screenshot.
Please click Accept as Solution to acknowledge that the answer to your question has been provided.
08-22-2024 10:38 PM - edited 08-22-2024 11:17 PM
Hello @nsinghvirk
Thank you for your response. The endpoint meets all the requirements. And Forensics is enabled. I have activated 'Forensics' in the agent settings. Could it be that it needs to be activated somewhere else as well? Are 'Forensics' and 'is forensics' different things?
I have added screenshots.
08-28-2024 10:34 PM
Solved!
I had not added the profile for Forensics to the "Prevention Policy Rule".