Charris_Lappas
Collaborator

Forensics report with 3rd party AV

Can you please direct me to a step-by-step guide on how to configure the Forensics report with 3rd party AV?

I have reviewed the SK "How to configure Forensics blade to analyze an incident that was detected by external system", but it is a bit confusing.

Thanks,

Charris Lappas

3 Replies
PhoneBoy
Admin

The SK you linked is the tool that would be run to kick off a forensics report, with a few different methods for kicking it off.

As each third party AV is different, the exact instructions will depend on the third party AV in question.

The SK mentions Symantec specifically; there is another SK for Trend: Setting up Sandblast Agent (SBA) Forensics Analysis trigger from Trend Micro Control Manager.

Charris_Lappas
Collaborator

Looking into it further, there is another SK, SandBlast Agent Integration with Third Party Anti-Virus Vendors, so what is the difference between the two? I have followed this SK, but the forensics reports are not generated.

PhoneBoy
Admin

The difference is: one is reading from the Windows Event Log, another is relying on being explicitly triggered by the external tool.

As was suggested in the SK, you may need to open a TAC case with the requested information for troubleshooting.
