search cancel

How does the extractord service work?


Article ID: 174199


Updated On:


Security Analytics


  1. Extractor service looks at the flow to find any files or other artifacts in it. Extractor-live is a storage space for "micro" extractions i.e. automatic extractions based on rules, as opposed to running one manually. Micro-extractions are for sending files to Data Enrichment on-the-fly.

  2. There is no threshold-based auto-deletion going on.  However there is a command to delete extractions:  “scm extractions delete all”  NOTE: that this could take a very long time to run.