Collect artifacts
Insights E provides an automatic artifact collection function for XBA diagnostics.
Artifact Collection Settings
Artifact collection is configured under Artifact Collection Target in System > Settings > Threat Detection & Response.
The following objects can be collected.
Collected Objects | Description |
---|---|
System Information | Collects system information |
Autorun | Collects autorun items |
Browser History | Collects browser browsing history |
Registry | Collects registry hives |
Window Events | Collects Windows event logs |
Prefetch Files | Collects prefetch files |
FileSystem Information | Collects suspicious files |
Registry, File, and Process artifacts are collected automatically.
Collect artifact samples
Collect samples
- In Analysis > Threats > Management, find a threat in the list of threats detected as anomalies for which artifact collection can be requested, and click its ‘Details’ button. On the detail screen, click the Artifact ‘Collect’ button.
- Select the desired endpoints in Analysis > Endpoints > Endpoint List and click the Tasks > Collect Artifact button.
- Select the desired groups in Analysis > Endpoints > Groups and click the Tasks > Collect Artifact button.
Check Collected Artifacts
Note
Collected artifacts can be viewed in Analysis > Acquisitions.
- To view collected artifacts, click the ‘Load Data’ button in the Acquisitions list. Once the collected data has loaded, the ‘G-Report’ button appears.
- Click the ‘G-Report’ button to open the G-Report window, where you can review the collected artifact data in report format.