Save files (or messages) which triggered incident creation based on the policies

Article ID: 159774

Products

Data Loss Prevention Endpoint Prevent

Issue/Introduction

Unable to save the original message or files that triggered incidents.

Resolution

For detection servers other than Endpoint, opening an incident snapshot shows an Open Original Message option in the Message Body section (at the bottom left of the snapshot).

If the detection server is an Endpoint server, the Message Body section of the snapshot does not show this option.

This is by design for Endpoint servers: by default, incident data is not retained for Endpoint incidents. This behavior can be changed; for details, see KB 46550.