Learn about the available methods to collect evidence in Forensics.

| Method | Description |
| --- | --- |
| Automatic evidence collection via Collect Evidence task | Automatically collect evidence from Windows, Linux, and macOS endpoints in your environment by running the Collect Evidence task. |
| Automatic evidence collection via playbooks | Automatically collect evidence from endpoints in your environment by creating Incident Response Evidence Collection security playbooks. |
| Automatic evidence collection via Security Playbook action node | Automatically collect evidence from Windows and Linux endpoints by adding a Collect evidence action node to an Endpoint Response, Automated Response, or Workbench Insight Progression Update playbook. The collected evidence is uploaded to the Forensics app automatically. |
| Manual evidence collection | Collect evidence from endpoints without an internet connection, to support threat investigation and incident response, by using the TrendAI™ Incident Response Toolkit. |