The Forensics Triage feature enables you to create a custom, standalone executable package that collects all of the forensic artifacts in the configuration.
Use the Upload Offline Triage to upload archives containing forensic data collected by the offline collector. After the archive has been uploaded, the data is extracted and ingested into the forensics table on the tenant. Upload Offline Triage supports uploading packages created on both the Windows and macOS platforms.
In Cortex XDR, select → → → .
Click the link of the relevant investigation.
On the Collections page, search for or select the triage, click the menu options button, and select Upload Offline Package.
Drag and drop or use the browse link to search for the file. More than one offline triage package can be uploaded at a time.
Note
Do not upload memory images captured by the Offline Triage Collector. These images are collected for analysis using third-party tools and are not intended for upload.
Click Done.