Packages Tab

Collect and manage packages to support threat investigation and incident response.

The Packages tab of the Forensics and Analysis app allows you to collect and manage evidence packages.


This feature is not available in all regions.

The following table outlines the actions available on the Packages tab.



Collect evidence

Click Collect Evidence to collect evidence from endpoints.

View evidence packages collected from an endpoint

Click on an endpoint name to display all the packages collected from an endpoint.

The Packages tab displays the following information about packages:

  • Package: Name of the collected package

  • File size: Size of the package

  • Collection: Collection status of the package

    Collection statuses include:

    • In progress... (): The package is being processed

    • Successful (): The package was processed successfully

    • Partially Successful (): The Forensics and Analysis was unable to process some of the evidence types in the package

    • Unsuccessful (): An error or time-out occurred when processing the evidence package

  • Source: The product or method that uploaded the evidence package to the Forensics and Analysis app

  • Collected: The date and time the package was uploaded to the Forensics and Analysis app

  • Expiration: The date and time the package expires.

    • Evidence packages expire one year after upload.

    • Expired packages are automatically deleted.

Filter endpoints

Use the Search field and drop-down lists to locate specific endpoints.