- February 3, 2023: Updated field names to match product UI.
- October 29, 2020: Focuses only on the forensics data presented for File Sharing.
Forensics for File Sharing includes the following details:
| Field | Description |
|---|---|
| Occurrence Last Seen | The last time the torrent was seen in the DHT, within a 24-hour period, starting at midnight UTC. |
| Occurrence First Seen | The first time the torrent was seen in the DHT, within a 24-hour period, ending at midnight UTC. |
| Representative Event Timestamp | The UTC time when the matching IP was observed in the torrent’s Distributed Hash Table (DHT). |
| GeoIP Location | Country where the IP address of this event resides. |
| Source Port | The network port used by the observed IP address for torrent activity. |
| Category | The type of shared content, set by the torrent uploader when uploaded to a torrent website. |
| Torrent Hash | A unique global identifier generated from torrent metadata and associated content, embedded in the torrent. Hashes for torrents in the Movies category are not shown. |
| Torrent Title | Name of the torrent, set by the torrent creator. Names for torrents in the Movies category are not shown. |
File Sharing events refer to file sharing activity only over the BitTorrent protocol.
While events from the past year are searchable, only events from the past 60 days will be displayed for your company.
Filters
File Sharing events are sorted by torrent category, as detailed in File Sharing Categories. The following advanced filters exist for File Sharing events:
- Applications
- Books
- Games
- Movies
- Music
- TV
Torrents Marked Safe
Some torrents, such as Linux distributions, are legitimate; other torrents are not. All torrents will display an additional Marked As Safe field within File Sharing finding details; this indicates if the torrent is marked safe or not.
Marking Torrents Safe in User Behavior Forensics
There is a toggle to show or hide torrents marked as safe underneath the Torrent category filter. Marked torrents are shown alongside unmarked torrents by default. Hiding marked torrents removes them from the User Behavior Forensics list and subtracts them from the filter counts for each category until they are re-enabled.