This documentation supports the 25.1 version of BMC Helix for Security Incident Handling. To view an earlier version, select the version from the Product version menu.

Evidence and evidence log


Files and links that provide more information about the security issue are added to the security case as evidence. Evidence can also be additional information in the following forms:

  • Attachments or links to attachments
  • Links to websites
  • Multimedia files or links
  • Data files that are gigabytes (GB) or terabytes (TB) in size

All file formats that are supported by your server are supported as file types for evidence.

A security user with write permissions to cases can create evidence and perform the following actions for evidence:

  • Add documents, up to the size specified in the Action Request System server, and up to 3 links as evidence
  • Update the description of the evidence
  • View the evidence log
  • Download the evidence log in the PDF format

Important

After an evidence file is added to a case, it cannot be altered.

Evidence log

The evidence log is the audit log for each evidence file or link. It displays all actions that are taken on the evidence, such as previewing and downloading. For example, when a user previews an evidence file or link, a note is added to the evidence log recording who previewed the evidence and the date and time when they previewed it.

After evidence files are added, you cannot modify them. You can only view the log of the evidence files.

An activity panel in the case shows the evidence log in reverse chronological order. It shows all activities of the evidence. The following image shows a sample evidence log in a case:

An example of an evidence log

Where to go from here

Adding and managing evidence


 
