Disabling the extraction of files from traffic

When detecting events related to file transfer over the network (for example, "File transfer over FTP" or "File transfer over HTTP"), PT ISIM proView Sensor saves the transferred files to the /opt/ptsecurity/data/files directory on the server. Such a file becomes available for download in the event card in the PT ISIM proView Sensor web interface. The types of files saved are listed in the file /opt/ptsecurity/etc/current/file-store.yaml. Only files up to 101 MB can be saved.

If the process of saving files overloads the system (for example, files occupy too much disk space), you can disable the extraction of files from traffic. When it is disabled, events related to file transfer are not registered.

Changing this setting will automatically restart the ptdpi service and temporarily interrupt traffic analysis.
To disable the extraction of files from traffic:On the toolbar, click , and on the menu that opens, click File extraction from traffic.In the drop-down list, select Disable.Click Save.The extraction of files from traffic is disabled.

All actions of enabling and disabling the extraction of files from traffic are recorded in user activity history.

The website uses cookies according to the cookie policy.