We have local discovery scans set up with a scheduled scan to scan the local user drive. The scans run; when we look at Incident Manager, some show Incident Type as Discovery Summary with 1 or 2 files under evidence: File system scan report and File System scan failures.
Others show Incident Type as File System Discovery with details such as evidence name, file size, and short match string.
The question is: why do some report one way and some do not? All have the same policy assigned.
A difference I see between the two is that in Incident Manager, under the Rules tab, the systems reporting Discovery Summary show nothing; they do show, under the Classifications tab, the classifications in the rule set.
The ones reporting File System Discovery show the Rule Set name and classifications under the tabs...