Hello everyone,
Does anyone know if Smartevent is able to show the file history and trajectory of a file across an enterprise?
An example would be a file that was first seen 1 month ago in several gateways and/or endpoints, indicating attack vectors (SMTP, FTP, HTTP, etc) and properties of said file (size, hash, filename and extension, etc)
Then later, if the file is flagged as malicious and seen again on a gateway or endpoint, one could go to a smartevent report or view, search a file by md5 or filename and confirm which endpoints received that file and what was the attack vector.
Many thanks for your tips.
Best regards,
Pedro Madeira