Enterprise DLP
Download Files for Evidence Analysis
Download files that match your Enterprise Data Loss Prevention (E-DLP) data profiles for
investigative analysis.
After you successfully connect your AWS storage bucket, Azure storage bucket, or SFTP server to Enterprise Data Loss Prevention (E-DLP) to store evidence
for traffic that matches your Enterprise DLP data profiles, you can download
to your local device the file for the instance of traffic, scanned by the DLP cloud service,
that generated the DLP incident. This allows for in-depth investigation.
Traffic scanned by the DLP cloud service while Enterprise DLP is disconnected
from your cloud storage bucket isn't stored in your cloud storage. This means that
none of the files created by traffic that generated a DLP incident during that time are available for
download. However, all snippet data is preserved and can still be viewed in Enterprise DLP.
The file format of the matched traffic depends on the type of traffic that
generated the DLP incident.
- File Based—Copy of the file that generated the incident is saved in the same file format in which it was inspected.
- Non-File—Non-file traffic is saved in .txt format. If a file is shared in a non-file based app, for example Slack, then the file is saved in the same file format in which it was inspected.
- Email DLP—Outbound emails are saved in .eml format.
1. Connect your AWS storage bucket, Azure storage bucket, or SFTP server to Enterprise DLP if not already connected.
   The files available to download are only files scanned by the DLP cloud service after you successfully connected Enterprise DLP to your cloud storage bucket.
2. (AWS and Azure only) Log in to the Amazon AWS console or Microsoft Azure portal and access the cloud storage you connected to Strata Cloud Manager. Select Reports and enter a Report ID to Search.
   The object Name is the Report ID.
3. Log in to Strata Cloud Manager.
4. Select Manage > Configuration > Data Loss Prevention > DLP Incidents and search for the Report ID.
5. Review report summary and click the download button to download the file to your device.
   Whether the stored file is downloaded directly to your local device is dependent on the storage bucket you connected to Enterprise DLP.
   - AWS and Azure—The file associated with the particular Report ID is downloaded locally to your device.
   - SFTP Server—Enterprise DLP displays the folder path of the location the file was uploaded to on your SFTP server. You must access your SFTP server to download the file to your local device.
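
Once a file is on the analyst's device, it helps to record its hash before any tool opens it. The following is an added example, not Palo Alto Networks code: a Python intake routine that hashes each downloaded evidence file, classifies it by the storage formats listed above, and reads only the headers and attachment names of `.eml` evidence. The function names, manifest fields, `REPORT-ID-n` placeholders and sample files are assumptions constructed for illustration; `demo()` runs the routine on those constructed files.

```python
import hashlib
import tempfile
from email import policy
from email.message import EmailMessage
from email.parser import BytesParser
from pathlib import Path

def classify(path: Path) -> str:
    """Map a downloaded evidence file to the storage formats listed on this page."""
    suffix = path.suffix.lower()
    if suffix == ".eml":
        return "email-dlp"
    if suffix == ".txt":
        # Non-file traffic is saved as .txt; an inspected .txt file would look the same.
        return "non-file-or-text-file"
    return "file-based"

def summarize_eml(raw: bytes) -> dict:
    """Read headers and attachment names only; attachment bodies are never written out."""
    msg = BytesParser(policy=policy.default).parsebytes(raw)
    headers = {h.lower(): str(msg[h]) for h in ("From", "To", "Subject")}
    return {**headers, "attachments": [p.get_filename() for p in msg.iter_attachments()]}

def intake(path: Path, report_id: str) -> dict:
    """Build one manifest record; the hash is computed from the bytes as downloaded."""
    raw = path.read_bytes()
    record = {"report_id": report_id, "name": path.name, "size": len(raw),
              "sha256": hashlib.sha256(raw).hexdigest(), "kind": classify(path)}
    if record["kind"] == "email-dlp":
        record["email"] = summarize_eml(raw)
    return record

def demo() -> list:
    """Run intake over constructed sample files (not real DLP evidence)."""
    mail = EmailMessage()
    mail["From"], mail["To"], mail["Subject"] = "alice@example.com", "bob@example.net", "Q3 list"
    mail.set_content("See attached.")
    mail.add_attachment(b"name,id\n", maintype="application",
                        subtype="octet-stream", filename="customers.csv")
    samples = {"REPORT-ID-1": ("message.eml", mail.as_bytes()),
               "REPORT-ID-2": ("chat-post.txt", b"constructed non-file payload\n"),
               "REPORT-ID-3": ("upload.docx", b"PK\x03\x04constructed")}
    records = []
    with tempfile.TemporaryDirectory() as tmp:
        for report_id, (name, data) in samples.items():
            path = Path(tmp) / name
            path.write_bytes(data)
            records.append(intake(path, report_id))
    return records
```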