Managing Scanned Files
Use the Manage Scanned Files operation to review and act on files that have been scanned for compliance. You can:
·apply filters to further refine the results that display in the grid
·choose to "ignore" (that is, hide from the grid) files that do not require review or action
EXCEPTION: Quarantined files cannot be ignored.
·link to individual files to review their content
·remove files from quarantine
·remove files from SharePoint.
To manage scanned files:
1Use the information in the following table to determine the appropriate action to take.
|
If you are starting from ... |
Then ... |
|---|---|
|
the SharePoint Hierarchy |
a)Select the object(s) containing the scanned files you want to manage. b)Choose Compliance > Manage Scanned Files. |
|
a)Make sure the Compliance Action jobs radio button is selected. b)Select the Scan job containing the files you want to manage. c)Click [Manage Scanned Files]. |
3.To filter items that display in the grid:
·Enter a full or partial file name in the File Name Contains field, and/or select specific Search Terms from the drop-down.
·If you want to Include Ignored Files (which are hidden by default), check the applicable box(es).
REMINDER: "Ignore" is a status that you can apply to files that you do not want to display in the grid by default (because, for example, they do not require further review or action).
NOTE: Because quarantined files cannot be ignored, if you select Show Only Quarantined Files, the Include Ignored Files option becomes disabled. If you upgraded from version 8.5, all quarantined files will always display, even those that show a status of Ignored.
·Click [Apply Filters].
Note that if you chose to include Ignored or Quarantined files, they will be labeled as such in the Status field.
TIP: If you want to review quarantined or Ignored files specifically, sort on the Status column to group these files together.
Now you can:
·open a file whose contents you want to review (by clicking the File Path link)
AND/OR
·select files on which you want to perform an action, then click the appropriate action button: [Remove from Quarantine], [Remove from SharePoint], [Ignore], or [Unignore].
Note that when a file is removed from SharePoint it no longer displays in the grid.
NOTE: When you remove a file from quarantine, it is restored in its original location with the same permissions it had before it was quarantined, and you cannot remove an attachment from quarantine without also removing its parent item.
Removing Scanned Files from SharePoint
If you attempt to remove one or more files from SharePoint, you will be prompted to confirm your selection. Unlike the Sensitive Content Submission Maintenance feature, you can remove individual files which has been quarantined.
If you delete an item that has attachments, the attachments will automatically be deleted along with the item.
Analyzing Scanned Files
The Scanned Files by Search Term and Scanned Files by Scope analyses let you view all of the files that have been scanned for sensitive content, along with the search term(s) found. By default, results display the most recent scan performed on each file within the selected scope, but you can also enter a date range.
To generate a Scanned Files analysis:
1Select the object(s) you want to include in your analysis.
2RightChoose the appropriate option, based on how you would like to have results grouped:
§Compliance > Scanned Files by Scope
OR
§Compliance > Scanned Files by Search Terms.
3Specify the parameters for your analysis.
IMPORTANT:
§Currently, you can only Filter by Search Terms if you enter one complete search term (that is, you cannot filter by multiple or partial search terms).
If you leave the Filter by Search Terms field blank, all search terms within the scope of your analysis will be included.
4Under Advanced Parameters:
·If you leave the Start Date and End Date blank (the default), the most recent scan performed on each scanned file will be included in analysis results. If you enter a Start Date and End Date, results will include all scans performed within the date range.
·If you want to run the analysis on scans for which the permissions of users who performed the scans were collected since the last run of ControlPoint Discovery, check the Security trimming using cached permissions box. If you leave this box unchecked, the analysis will be run using real-time permissions, but processing time my increase significantly.
Now you can:
·run the operation immediately (by clicking the [Run Now] button)
OR
·schedule the operation to run at a later time or on a recurring basis.
OR
·save the operation as XML Instructions that can be run at a later time.
Results are grouped either by scope or search term (depending on the analysis selected).
Auditing Compliance Actions
The lists actions taken on files scanned by Sensitive Content Manager over a specified date range.
To generate a Compliance Actions Audit:
1Select the object(s) you want to include in the audit.
2Choose Compliance > Compliance Actions Audit.
3Specify the parameters for your analysis.
Now you can:
·run the operation immediately (by clicking the [Run Now] button)
OR
·schedule the operation to run at a later time or on a recurring basis.
OR
·save the operation as XML Instructions that can be run at a later time.
Results include each file within the scope of your analysis, grouped by site collection, along with the date the scan was performed, the action taken, and the account the action was taken by.
NOTE: For any scans performed prior to version 8.6, the "by" displays NA, as this information was not captured for Compliance reporting purposes in earlier versions of ControlPoint.
Note that for files with embedded items, only the parent item is included in the audit.
Reporting on Sensitive Content Activity
If you are a member of the ControlPoint Compliance Administrators group, you can use the ControlPoint Sensitive Files Activity report to view detailed information about files analyzed by Sensitive Content Manager that:
·have been identified as "sensitive content" (that is, have been assigned a Severity Level)
AND
·have been accessed by at least one SharePoint user.
Before you can report sensitive files activity:
·Auditing must be enabled for each list or library for which you want to report sensitive activity. You can enable these settings for individual site collections from within SharePoint or, for a larger scope, using the ControlPoint Manage Audit Settings action.
·At least one Compliance scan must have been returned by Sensitive Content Manager with items that have been assigned a Severity Level.
To report sensitive files activity:
1Select the object(s) for which you want to report sensitive files activity.
2Choose Compliance > Sensitive Files Activity.
The tiles at the top of the report highlight the following statistics for the selected time period (by default, the past month):
·Total Number of SCM (Sensitive Content Manager) Classified Files
·Sensitive Files Accessed (that is, the number of times a file identified as having sensitive content has been accessed by a SharePoint user)
NOTE: The number of times the System Account has modified the Scan Results field for the item on the SharePoint list will be included in this value unless the Sensitive Content Manager Configuration Setting Add Scan Results Column to Scanned SharePoint List is set to false. Details can be found in the ControlPoint Administration Guide.
·Users Accessing Sensitive Files (that is, the number of unique SharePoint users who have accessed files identified as containing sensitive content)
·Realtime Scanning (that is, the number of days since the last bulk scan was performed)
To filter results that display in the body of the report:
1.Choose a different severity level from the Filter drop-down and/or modify the default date range.
2.Click [Refresh].
Graph Tab
The Sensitive Files Activity report Graph tab illustrates the Activity Count by Sensitivity for the selected Severity Level(s) and date range.
Note that you can click a Severity Level in the legend at the right side of the page to hide/display it.
Files Tab
The Sensitive Filest Activity report Files tab lists all of the files the Content Sensitive Manager identified as "sensitive content" for the selected Severity Level(s), grouped by list or library.
Note that this tab displays all content sensitive classified files for the selected Severity Level(s), regardless of whether they have been accessed, and the date range filter does not apply.
Users Tab
The Users tab lists the SharePoint users who have accessed files with sensitive content within the specified time period, along with the Number of Files Accessed.
Activity Tab
The Activity tab lists each individual instance of sensitive content activity, including the User Name. Activity Type, file Severity Level and Activity Date.