When detecting events related to file transfer over the network (for example, "File transfer over FTP" or "File transfer over HTTP"), PT ISIM proView Sensor saves the transferred files to the /opt/ptsecurity/data/files directory on the server. Such a file becomes available for download in the event card in the PT ISIM proView Sensor web interface. The types of files saved are listed in the file /opt/ptsecurity/etc/current/file-store.yaml. Only files up to 101 MB can be saved.
If the process of saving files overloads the system (for example, files occupy too much disk space), you can disable the extraction of files from traffic. When it is disabled, events related to file transfer are not registered.
ptdpi service and temporarily interrupt traffic analysis.
All actions of enabling and disabling the extraction of files from traffic are recorded in user activity history.