Setting Sensitive Content Manager End Points and Managing Scanning Preferences
ControlPoint Application Administrators use the ControlPoint Sensitive Content Manager Configuration dialog to set EndPoints to point to the server(s) on which Sensitive Content Manager is configured. Members of the Compliance Administrators group can also test the availability of each EndPoint and change default preferences for scanning content.
NOTE: ControlPoint Application Administrators can also configure EndPoints individually and update other configuration settings via ControlPoint Configuration Settings - Compliance settings.
To launch the ControlPoint Sensitive Content Manager Configuration dialog:
From the left navigation Manage tab, choose Compliance > Sensitive Content Configuration Maintenance.
Setting EndPoints
The Value of each Sensitive Content Manager EndPoint must be set to point to the server(s) on which Sensitive Content Manager is configured your environment. Use the information in the following table for guidance.
|
Endpoint |
Description |
Value |
|---|---|---|
|
Sensitive Content Manager Upload EndPoint |
The URL for the Sensitive Content Manager for sending files. This corresponds to the File Upload URL specified at the time Sensitive Content Manager was installed. |
http://<server.domain> (or if installed on multiple servers: |
|
Sensitive Content Manager Results EndPoint |
The URL for the Sensitive Content Manager service for retrieving files job results. This corresponds to the Results Service URL specified at the time Sensitive Content Manager was installed. |
http://<server.domain> (or if installed on multiple servers: |
|
Sensitive Content Manager Profile EndPoint |
The URL for the Sensitive Manager service for retrieving profiles. This corresponds to the Profile Service URL specified at the time Sensitive Content Manager was installed. |
http://<server.domain> (or if installed on multiple servers: |
|
Sensitive Content Manager Search Terms |
The URL for the Sensitive Content Manager service for retrieving rules used to identify a specific kind of sensitive content. This corresponds to the Subquestion Service URL specified at the time Sensitive Content Manager was installed. |
http://<server.domain> (or if installed on multiple servers: |
When you have finished setting EndPoints, click [Update].
Testing Availability of EndPoints, File Upload, and Results
From the EndPoint Testing tab, you can test the availability of each endpoint that you set, as well as whether files can be uploaded to/received from Sensitive Content Manager.
If you click a [Test EndPoint] button and the status returns as Unavailable, make sure that the URL is correct and that the service is available on the Sensitive Content Manager server side.
If you click [Test File Upload], ControlPoint will send a sample file to Sensitive Content Manager, and will display a log of the action. If you then click [Test File Results], ControlPoint will log the progress of the file's return.
Managing Scanning Preferences
ControlPoint can create columns called Scan Results and/or Terms Detected. Each time a scan is performed, the Severity Level is populated for the scanned item.
ControlPoint Application Administrators can allow this column to be created/populated by changing the value(s) of Automatically add Scan File Results column and update with severity level in SharePoint Lists and/or Automatically Add Terms Detected column and update with severity level in SharePoint Lists from false to true.
Preparing Your Environment for Using ControlPoint Sentinel
If you want to use ControlPoint Sentinel for anomalous activity detention, you must prepare your environment so that data collection can begin.
A.SharePoint auditing must be enabled on all site collections for which Anomalous Activity detection will be performed.
B.Anomalous Activity Detection must be enabled to run:
§via the Windows AnomaloousActivityJob scheduled task
OR
§as part of the ControlPoint Scheduled Job Review.
Enabling SharePoint Auditing
ControlPoint Sentinel analyzes the following SharePoint audit log events for Anomalous Activity Detection:
·Editing items
·Deleting or restoring items
·Opening or downloading documents, viewing items in lists, or viewing item properties.
You can enable these settings for individual site collections from within SharePoint or, for a larger scope, using the ControlPoint Manage Audit Settings action.
Enabling the Anomalous Activity Detection Job
1Log into the server where ControlPoint Online is installed and open the Windows Task Scheduler.
2Navigate to Task Scheduler Library > Metalogix > ControlPoint Online.
3Right-click on AnomalousActivityJob and choose Enable.
By default, the job is scheduled to run daily, at 4:00 am (local server time). You may however, change the schedule to run more frequently. Note that, the more frequently the job is run, the sooner an alert may be generated when an Anomalous Activity Limit is reached.
Enabling Anomalous Activity Detection via the ControlPoint Scheduled Job Review
As an alternative to using the Anomalous Activity Detection Job, you can choose to have anomalous activity detection performed as part of the ControlPoint Scheduler Job. (which, by default, runs every 10 minutes). ControlPoint Application Administrators can enable this option by changing the ControlPoint Configuration Setting Enable Options That Require Anomalous Activity Detection from False to True.
Running ControlPoint Online Operations Using PowerShell
For any ControlPoint Online operation that includes the Save As option, which generates an xml file with instructions, you can run that operation using PowerShell.
NOTE: Currently, you can only run instructions for analyses using real-time (not cached) data.
Account Login Requirements
You can run ControlPoint Online actions in PowerShell from the server on which ControlPoint Online is installed. The account you use to log into the server machine must be a Site Collection Administrator for the site collections for the scope of the operation being performed.
Before You Begin: Update the App.config File
1Open the file App.config (by default, located in the folder \\Program Files\Metalogix\ControlPoint Online\Powershell).
2Locate the <endpoint address = line, and change http://SMALLTEMPLATE:2828 to the path to the ControlPoint Online application in your environment.
Loading the ControlPoint Online cmdlets
The ControlPoint snap-in contains the cmdlets needed to run a ControlPoint action.
You can either:
·load the snap-in every time you open PowerShell, or
·add the snap-in to your PowerShell profile so it will automatically load the cmdlets whenever PowerShell opens.
Refer to the msdn article on Windows PowerShell Profiles for details on creating a PowerShell profile.
Loading the ControlPoint Online snap-in
NOTE: These are the Windows default directories. The location of files may be different in your environment.
|
Line |
Command |
Description |
|---|---|---|
|
1 |
Set-Alias install util C:Windows\Microsoft.NET\Framework64\ |
Maps an alias to an install utility that ships with the .NET Framework. |
|
2 |
Change to the following directory: C:\Program Files\Metalogix\ControlPoint Online\Powershell\
then add the snap-in by adding Add-PSSnapin xcsnapin; |
Navigates to the directory containing the xcPowerShell.dll file that contains the ControlPoint Online cmdlets. |
|
3 |
installutil xcPowerShell.dll |
Uses the install utility to load xcPowerShell.dll into Powershell |
|
4 |
Add-PSSnapin xcSnapin |
Adds the snap-in containing all of the ControlPoint Online cmdlets. |
Below is an example of the lines of text above in the PowerShell profile.
Below is an example of a PowerShell session with the ControlPoint Cmdlets successfully loaded.
