This article describes the functionality (behind the scenes) of the module. Click here for the overview article.
The module main functionality it is to gather information related to:
- Privileged Access Management and more precisely the processes that are running with Admin rights while the user is elevated through Privileged Access Management session;
- Next-gen Antivirus - collects information about infected and suspicious files and sends them as notifications in the Forensics view.
- Threat Prevention Endpoint - collects information related to the pages blocked and backlisted by this module.
This Forensics module uses the "Heimdal Insights" service to monitor the processes of the modules to be reported in the dashboard.