In Security Analytics Investigation, when you have the data for a drill point displayed in the Navigate view, you can:
- Extract files from a session and choose the type of files to extract: archives, audio BitTorrent, documents, executable, images, other, video, and web.
- Export the drillpoint as a packet capture (PCAP) file, a log file, or a meta file.
The details being exported are affected by both the time range and drill point at the time of exporting.
To export a drill point from the Navigate view:
- Conduct an investigation until you reach the desired drillpoint.
- In the toolbar, select Actions > Export and select one of the export options:
The drill point is extracted, and a message advises that the job is scheduled. You can check the jobs page for the status.