Forensics for File Sharing Ingrid File Sharing events refer to file sharing activity only over the BitTorrent protocol. Forensics for File Sharing includes the following details: Category The type of shared content, set by the torrent uploader when uploaded to a torrent website. GeoIP Location Country where the IP address of this event resides. [Occurrence Date] Occurrence First Seen The first time the torrent was seen in the DHT, within a 24-hour period, ending at midnight UTC. [Occurrence Date] Occurrence Last Seen The last time the torrent was seen in the DHT, within a 24-hour period, starting at midnight UTC. Representative Event Timestamp The UTC time when the matching IP was observed in the torrent’s Distributed Hash Table (DHT). Source Port The network port used by the observed IP address for torrent activity. Torrent Hash A unique global identifier generated from torrent metadata and associated content, embedded in the torrent. Hashes for torrents in the Movies category are not shown. Torrent Title Name of the torrent, set by the torrent creator. Names for torrents in the Movies category are not shown. Viewing File Sharing Go to the Findings Table to view File Sharing findings [ Findings ➔ Findings Table]. API: GET: User Behavior Finding Details [/v1/companies/company_guid/findings?risk_vector=file_sharing] While events from the past year are searchable, only events from the past 60 days are displayed for your company. Filters File Sharing events are sorted by torrent category, as detailed in File Sharing Categories. The following advanced filters exist for File Sharing events: Applications Books Games Movies Music TV Torrents Marked Safe Some torrents, such as Linux distributions, are legitimate; other torrents are not. All torrents display an additional Marked As Safe field within File Sharing finding details; this indicates if the torrent is marked safe or not. Marking Torrents Safe in User Behavior Forensics There is a toggle to show or hide torrents marked as safe underneath the Torrent category filter. Marked torrents are shown alongside unmarked torrents by default. Hiding marked torrents removes them from the User Behavior Forensics list and subtracts them from the filter counts for each category until they are re-enabled. February 3, 2023: Updated field names to match product UI. October 29, 2020: Focuses only on the forensics data presented for File Sharing. Related articles File Sharing Risk Vector How is the File Sharing Risk Vector Observed? How is the File Sharing Risk Vector Assessed? Finding Behavior TLS/SSL Finding Remediation & Remediation Verification Feedback 0 comments Please sign in to leave a comment.