
Forensics report with 3rd party AV

Can you please direct me to a step-by-step guide on how to configure the Forensics report with 3rd party AV?

I have reviewed "How to configure Forensics blade to analyze an incident that was detected by external system", but it is a bit confusing.

Thanks,

Charris Lappas

3 Replies
Admin

Re: Forensics report with 3rd party AV

The SK you linked is the tool that would be run to kick off a forensics report, with a few different methods for kicking it off.

As each third party AV is different, the exact instructions will depend on the third party AV in question.

The SK mentions Symantec specifically; there is another SK for Trend: "Setting up Sandblast Agent (SBA) Forensics Analysis trigger from Trend Micro Control Manager".

0 Kudos

Re: Forensics report with 3rd party AV

Looking into it further, there is another SK, "SandBlast Agent Integration with Third Party Anti-Virus Vendors", so what is the difference between the two? I have followed this SK but the forensics reports are not generated.

0 Kudos
Admin

Re: Forensics report with 3rd party AV

The difference is: one is reading from the Windows Event Log, another is relying on being explicitly triggered by the external tool.

As was suggested in the SK, you may need to open a TAC case with the requested information for Troubleshooting.