After a Data Loss Prevention incident occurs, Apex One logs the incident details in a specialized forensic database. Apex One also creates an encrypted file containing a copy of the sensitive data which triggered the incident and generates a hash value for verification purposes and to ensure the integrity of the sensitive data. Apex One creates the encrypted forensic files on the agent machine and then uploads the files to a specified location on the server.
The encrypted forensic files contain highly sensitive data and administrators should exercise caution when granting access to these files.
Apex One integrates with Apex Central to provide Apex Central users with the DLP Incident Reviewer or DLP Compliance Officer roles the ability to access the data within the encrypted files. For details about the DLP roles and access to the forensic file data in Apex Central, see the Control Manager or Apex Central Administrator’s Guide.