Tchater maintenant avec le support
Tchattez avec un ingénieur du support

Sensitive Content Manager 2.2.4 - Administration Guide

Profiles

A profile is a named collection of content search and analysis specifications. Each profile is made up of search terms and regular expressions that can detect sensitive content in English, German, Spanish, Italian, French and Portuguese. SCM ships with 4 default profiles:

·General Data Protection Regulation (GDPR)

·Personally Identifiable Information (PII)

·Protected Health Information (PHI)

·Payment Card Information (PCI)

The file search and analysis criteria requirements for your organization may differ from the system profiles that are available. For example, you may want to create a custom profile to group a different subset of the predefined search terms, add custom search terms for sensitive data types, or analyze data that falls outside common definitions of PII, PHI or financial data. Custom profiles created with the SCM profile wizard can be made available to both SCM and ControlPoint users.

With the standard or custom profiles, SCM allows you to analyze the following file types -

·Compressed files (ZIP, 7z, TAR, RAR etc.)

·Comma Separated Values (CSV)

·Log Files

·Microsoft Excel

·Microsoft Excel 2007

·Microsoft Outlook Express Mail Message

·Microsoft Outlook Message

·Microsoft PowerPoint Presentation

·Microsoft PowerPoint Presentation 2007

·Microsoft PowerPoint Show

·Microsoft PowerPoint Show 2007

·Microsoft Word Document

·Microsoft Word Document 2007

·Open Document Text

·Portable Document Format (PDF)

·PowerShell

·Rich Text Format (RTF)

·Text Document

In this topic

Steps to view profiles

Steps to create a new profile

Steps to edit a profile

Steps to delete a profile

Steps to customize a system profile


Steps to view profiles

1.From the navigation panel, click CONFIGURATION and then click PROFILES. The Profiles page opens.

img-0400

The columns in the list are as follows:

a.Profile - a named set of search terms

b.Type - indicates whether the profile is a system profile img-0300 or a custom profile img-0310.  System profiles cannot be edited but can be cloned to create custom profiles.

c.Search Term - indicates the number of search terms in the profile.

·To customize the number of items displayed on the page, click the Items per page drop down below the list and choose the number of items you wish to display. If there are more profiles than the list can display, you can use the navigation links below the list to browse through more profiles.

·Enter a keyword in the Filter field above the list to filter the set of profiles by the keyword entered.

·Click Refresh to retrieve and display a fresh set of profiles from the SCM repository.

2.Click a profile link to view the profile details. The Profile - Summary page opens.

img-0405

3.Click Close to return to the Profiles page.


Steps to create a new profile

1.From the navigation panel on the left, click CONFIGURATION and then click PROFILES. The Profiles page opens.

2.Click Create img-0330 to open the new profile wizard. The New Profile - Properties page opens.

img-0410

Specify the property values as described below:

a.Profile Name - enter a unique profile name. The profile name cannot exceed 100 characters.

b.Profile Description - enter a description of the profile. The description text should not exceed 256 characters.

3.Click Next. The New Profile - Search Terms page opens.

4.From the Available Search Terms list, select one or more check boxes to choose the search terms for the profile. You can filter the list by entering a key word in the Filter field of the Available Search Terms list. If the key word exists in the name or the description of the search term, you will see the result set in the list. To include custom search terms in the list, see Search Terms.

5.Click img-0350 to move the selected search terms to the Profile Search Terms list.

img-0420

6.To remove a search term from the Profile Search Terms list, select one or more check boxes in the Profile Search Terms list. You can filter the list by entering a key word in the Filter field of the Profile Search Terms list. If the key word exists in the name or the description of the search term, you will see the result set in the list.

7.Click img-0340 to move the selected search terms back to the Available Search Terms list.

8.When you complete the selection of search terms as displayed in the Profile Search Terms list, click Next. The New Profile - Summary page opens.

img-0430

9.Verify the new profile properties and search terms, and then click Save & Exit. You can click Cancel to exit the wizard or click Previous to revise the profile.


Steps to edit an existing profile

1.From the navigation panel on the left, click CONFIGURATION and then click PROFILES. The Profiles page opens.

2.Select a custom profile that you want to edit. You cannot edit a system profile.

img-0440

3.Click Edit img-0360 to open the profile editor. The Edit Profile - Properties page opens.

4.Review and revise the properties as needed.

5.Click Next. The Edit Profile - Search Terms page opens.

6.From the Available Search Terms list, select one or more check boxes to choose the search terms for the profile. You can filter the list by entering a key word in the Filter field of the Available Search Terms list. If the key word exists in the name or the description of the search term, you will see the result set in the list.

7.Click img-0350 to move the selected search terms to the Profile Search Terms list.

8.To remove a search term from the Profile Search Terms list, select one or more check boxes in the Profile Search Terms list. You can filter the list by entering a key word in the Filter field of the Profile Search Terms list. If the key word exists in the name or the description of the search term, you will see the result set in the list.

9.Click img-0340 to move the selected search terms back to the Available Search Terms list.

10.When you complete the revision of search terms as displayed in the Profile Search Terms list, click Next. The Edit Profile - Summary page opens.

11.Verify the revised profile properties and search terms, and then click Save & Exit. You can click Cancel to exit the wizard or click Previous to revise the profile.

caution

CAUTION: If a profile is modified while files are being scanned with the same profile, the scan will continue. All remaining files that are scanned will use the revised profile.


Steps to delete an existing profile

1.From the navigation panel on the left, click CONFIGURATION and then click PROFILES. The Profiles page opens.

2.Select a custom profile that you want to delete. You cannot delete a system profile.

3.Click Delete img-0370 and then click Yes in the confirmation dialog to confirm the deletion.

caution

CAUTION: If a profile is modified while files are being scanned with the same profile, the scan will continue. All remaining files that are scanned after the profile is deleted, will produce a failed result and include no term matches.


Steps to customize a system profile

1.From the navigation panel on the left, click CONFIGURATION and then click PROFILES. The Profiles page opens.

2.Select a system profile.

3.Click Clone to open the new profile wizard. The Clone Profile - Properties page opens.

img-0450

Change the property values as described below:

a.Profile Name - enter a unique profile name. The profile name cannot exceed 100 characters.

b.Profile Description - change the description of the profile. The description text should not exceed 256 characters.

4.Click Next. The Clone Profile - Search Terms page opens in edit mode with the same search terms as in the original profile.

img-0460

5.From the Available Search Terms list, select one or more check boxes to choose additional search terms for the custom profile. You can filter the list by entering a key word in the Filter field of the Available Search Terms list. if the key word exists in the name or the description of the search term, you will see the result set in the list.

6.Click img-0350 to move the selected search terms to the Profile Search Terms list.

7.To remove a search term from the Profile Search Terms list, select one or more check boxes in the Profile Search Terms list. You can filter the list by entering a key word in the Filter field of the Profile Search Terms list. If the key word exists in the name or the description of the search term, you will see the result set in the list.

8.Click img-0340 to move the selected search terms back to the Available Search Terms list.

9.When you complete the selection of search terms as displayed in the Profile Search Terms list, click Next. The Clone Profile - Summary page opens.

img-0470

10.Verify the new profile properties and search terms, and then click Save & Exit. Click Previous to revise the profile. Click Cancel and then click Yes in the confirmation dialog to exit the wizard.

 

Search Terms

A search term is a named entity for a regular expression that is used in a profile to scan files for matching patterns.

In this topic

Steps to view search terms

Steps to create a new search term

Steps to edit a search term

Steps to delete a search term


Steps to view search terms

1.From the navigation panel on the left, click CONFIGURATION and then click SEARCH TERMS. The Search Terms page opens.

img-0500

The columns in the list are as follows:

a.Search Term - name of the search term

b.Type - indicates whether the search term is a standard search term img-0300 or a custom search term img-0310.  Standard search terms cannot be edited.

c.Description - explanation of the search term.

d.Used in Profiles - integer value that indicates the number of profiles that use the search term.

·The list can be customized to display more or less items on the page. Click the Items per page drop down below the list and choose the number of items you wish to display. If there are more search terms than the list can display, you can use the navigation links below the list to browse through more search terms.

·Enter a keyword in the Filter field above the list to filter the set of search terms by the keyword entered.

·Click Refresh to retrieve and display a fresh set of search terms from the SCM repository.

2.Click a search term to view its details.

 


Steps to create a new search term

1.From the navigation panel on the left, click CONFIGURATION and then click SEARCH TERMS. The Search Terms page opens.

2.Click Create img-0330 to open the Custom Search Term window.

Specify the property values as described below:

a.Name - enter a unique search term name. The profile name cannot exceed 100 characters.

b.Description - enter a description of the search term. The description text should not exceed 256 characters.

c.Expression - enter a regular expression to match a text pattern in a file.

d.Sample Text - enter any text that contains the pattern you want to match.

3.Click Test. If a pattern match occurs in the Sample Text field, the matching pattern will be highlighted.

info

NOTE: If the test expression includes inline modifiers like (?i) for case insensitivity, you may get false negative results.  For these expressions please consider testing them at http://regexstorm.net/tester

img-0510

4.Click Save to save the new search term. Verify that it is listed in the Search Terms list. You can click Cancel to exit the window.


Steps to edit an existing search term

1.From the navigation panel on the left, click CONFIGURATION and then click SEARCH TERMS. The Search Terms list page opens.

2.Select a custom search term that you want to edit. You cannot edit a standard search term.

3.Click Edit img-0360 to open the Custom Search Term window.

4.Review and revise the properties as needed.

5.If you revise the regular expression it is recommended that you enter some appropriate text in the Sample Text field and click Test to verify the regular expression.

6.Click Save to save the new search term. You can click Cancel to exit the window.

caution

CAUTION: If a search term is modified while files are being scanned with a profile that contains the same search term, the scan will continue and all remaining files that are scanned will use the revised search term.


Steps to delete an existing search term

1.From the navigation panel on the left, click CONFIGURATION and then click SEARCH TERMS. The Search Terms list page opens.

2.Select a custom search term that you want to delete. You cannot delete a standard search term.

3.Click Delete img-0370 and then click Yes in the confirmation dialog to confirm the deletion.

caution

CAUTION: If a search term is deleted while files are being scanned with a profile that contains the same search term, the scan will continue but none of the remaining files will be checked for patterns that match the deleted search term.

 

Settings

Log files that are generated by the application have different levels of severity. The Settings page lets you specify the logging level of system messages.

Steps to set the logging level

1.From the navigation panel on the left, click CONFIGURATION and then click SETTINGS. The Settings page opens.

2.From the Logging Level drop down, select one of the following log levels listed below by descending severity:

·Verbose - Logs that contain the most detailed messages. These messages may contain sensitive application data. These messages are deactivated by default and should never be activated in a production environment.

·Debug - Logs that are used for interactive investigation during development. These logs should primarily contain information useful for debugging and have no long-term value.

·Information - Logs that track the general flow of the application. These logs should have long-term value.

·Warning - Logs that highlight an abnormal or unexpected event in the application flow, but do not otherwise cause the application processes to stop.

·Error - Logs that highlight when the application processes stop due to a failure. These should indicate a failure in the current activity, not an application-wide failure.

·Fatal - Logs that describe an unrecoverable application or system crash, or a catastrophic failure that requires immediate attention.

info

NOTE: The level you choose will also include all levels below it. For example, if you choose Verbose, all the other log levels will also be tracked. If you choose Warning, then the only the log levels Warning, Error and Fatal will be tracked.
When a log level is changed, you must allow between two to five minutes for the new log level to be distributed to all the services. If scans are in progress, the new log level will be applied only when the services are able to register the new log level.

Support Tools

Support Tools are provided with the installation media.

To access the support tools:

1.Download the installation ZIP file and extract all the files on the machine on which you are planning to install the SCM components.

2.Open the Support Tools folder.

About the Support Tools

A summary of each tool is provided below. Each folder contains a ReadMe.txt file that provides detailed information about the tool.

Archive-Logs

A PowerShell script to create a copy of all the log files for SCM into a single .zip file.

Forensics

PowerShell scripts to visualize the timeline of verbose SCM log entries for better troubleshooting.

Mx Connectivity Tests

PowerShell script and aspx page to troubleshoot the connectivity to SQL server.

PemTool

Tool to generate the .pem files needed for RabbitMQ

Phoenix        

Command-line program that helps you to process RabbitMQ dead-letter messages.  Helps you to capture content to SQL, resubmit, or move messages to a new Queue.

Rabbit Migration

PowerShell script to migrate the RabbitMQ base folder from one location to another. You would typically move it from the %APPDATA% folder to a shared location like the %PROGRAMDATA% folder.

Rabbit Snapshot        

PowerShell script to import and export a RabbitMQ configuration from one machine to another.

SCM diagnostics

Collects information about the environment and logs for troubleshooting like Event logs, IIS logs, list of installed programs, RabbitMQ configuration, SCM Logs and application .json files.

SCM Report Conversion

PowerShell script to convert the exported scan report to an Essentials format for integration. In SCM 2.1.1 and later versions, report conversion is possible directly from the Administration Center.

SCM Scans

PowerShell scripts to submit a file share scan and download the resulting CSV report. The script requires a Profile Id. To get the Profile Id of a standard or custom profile:

1.From the navigation panel in the Administration Center, click CONFIGURATION and then click PROFILES. The Profiles page opens.

2.Click a profile link. The Profile - Summary page opens.

3.Get the Profile Id from the URL. For example, for the Personally Identifiable Information (PII) profile, the Profile Id is 1 (https://<domain:port>/#/profile/view/1)

ScpTool

An executable to test access to the Service Connection Point (SCP) data in Active Directory.

Documents connexes

The document was helpful.

Sélectionner une évaluation

I easily found the information I needed.

Sélectionner une évaluation