Chat now with support
Chat with Support

Metalogix ControlPoint 8.2 - User Guide

Preface Getting Started with ControlPoint Using Discovery to Collect Information for the ControlPoint Database Cache Searching for SharePoint Sites Managing SharePoint Objects
Accessing SharePoint Pages Viewing Properties of an Object within the SharePoint Hierarchy Creating Dashboards for Monitoring Statistics within Your SharePoint Farm Setting Object Properties Managing Site Collection and Site Features Managing Audit Settings Creating and Managing SharePoint Alerts Setting ControlPoint Alerts Managing Metadata Copying and Moving SharePoint Objects (Version 8.0 and Earlier) Moving a Site Collection to Another Content Database Deleting Sites Deleting Lists Archiving Audit Log Data Before Moving or Deleting a Site Collection Duplicating a Workflow Definition from one List or Site to Others Removing a Workflow from One or More Lists (or Sites)
Using ControlPoint Policies to Control Your SharePoint Environment Managing SharePoint User Permissions Data Analysis and Reporting
Specifying Parameters for Your Analysis Analysis Results Display Generating a SharePoint Summary Report Analyzing Activity Analyzing Object Properties Analyzing Storage Analyzing Content Generating a SharePoint Hierarchy Report Analyzing Trends Auditing Activities and Changes in Your SharePoint Environment Analyzing SharePoint Alerts Analyzing ControlPoint Policies Analyzing Users and Permissions The ControlPoint Task Audit Viewing Logged Errors
Scheduling a ControlPoint Operation Saving, Modifying and Executing Instructions for a ControlPoint Operation Using the ControlPoint Governance Policy Manager (SharePoint 2010 and Later) Using Sensitive Content Manager to Analyze SharePoint Content for Compliance Using ControlPoint Sentinel to Detect Anomalous Activity Default Menu Options for ControlPoint Users About Us

Acting on Compliance Analysis Results

From the Compliance Summary page, you can take a number of compliance actions on returned SCM scans.  Use the information in the following table to determine the appropriate action to take.

NOTE:  Any option that is not valid for the result set is not available for selection.  For example, if you are viewing Compliance Action jobs, the option to Apply Compliance Actions will be disabled.

If you want to ...

Then ...

view more detailed information about scan results for individual items (and, optionally, export results for closer analysis)

·from the Sensitive Content Submission Maintenance page,select the applicable Detailed Analysis View link.

OR

·from the Compliance Summary page, click [View Detailed Classification Analysis].

Detailed Security Classification Analysis

Note that there is a separate tab for each classification, with detail about each item for which scan results were returned.

If you want to download a tabs-worth of results:

a)Choose one of the following export formats:

§XLS format (for opening in a pre-2007 version of Excel)

§Excel XML format (for opening in Excel 2007 or later)

§PDF formal

b)Click [Export].

re-classify an item that returned "Unable to Classify"

see Reclassifying Items Returned as Unable to Classify.

If you want an action to be taken on any items that were returned by Metalogix Sensitive Content Manager as 'Unable to Classify,' you must reclassify them before applying Compliance Actions to the scan job.

manage quarantined items (and you are a member of the ControlPoint Quarantine Administrators group)

see Managing Quarantined Items.

apply Compliance Actions to the selected job

a)From the Compliance Summary page, click [Apply Compliance Actions].

NOTE:  This option is not available if you filtered results by Compliance Action Jobs.

b)Either:

§select a previously-defined Compliance Action from the drop-down

OR

§define a new Compliance Action.

WARNING:  If you choose to Update Existing Compliance Actions, the changes will be applied to all scan jobs that use it going forward.  This is especially noteworthy in the case of ControlPoint Policies, because once the policy is created the most current definition of the Compliance Actions is applied automatically based on scan results.

 

Compliance Summary ACTIONS

c)When finished, click [Apply actions to current scan].

view items for which Compliance Actions have been taken

from the Compliance Summary page,, click [View Items Affected by Compliance Actions].

PII Compliance Action Details

Note that there is a separate tab for each action taken, with a list of items and the associated classifications returned by Metalogix Sensitive Content Manager.

If you want to download a tabs-worth of results:

a)Choose one of the following export formats:

§XLS format (for opening in a pre-2007 version of Excel)

§Excel XML format (for opening in Excel 2007 or later)

§PDF formal

b)Click [Export].

download items of a particular severity level (Mild, Moderate. or Severe) as a reusable selection on which you can perform ControlPoint operations

a)from the Compliance Summary page drop-down to the right of the Download icon icon, select a Classification (Severity Level).

Severity Level Dropdown

b)Click [Get Selection].

Severity Level Download GET SELECTION

You can now download and save the file, then upload it as a selection when performing a ControlPoint operation that involves list items. See Saving and Re-Using a SharePoint Object Selection.

Reclassifying Items Returned as Unable to Classify

If an item is returned from Metalogix Sensitive Content Manager with a Classification of 'Unable to Classify,' it means that the service detected "probable" sensitive content but was unable to classify it definitively as sensitive content. You can, however, review the file and apply a classification manually before applying a Compliance Action to the scan job.

If you want an action to be taken on any items that were returned by Metalogix Sensitive Content Manager as 'Unable to Classify,' you must reclassify them before applying Compliance Actions to the scan job.

To reclassify items returned as 'Unable to Classify':

1From the Detailed Security Classification Analysis page, select the Unable to Classify tab.

2Select the item(s) to which you want to apply a a particular classification.

PII Unable to Classify SELECTION

NOTE:  If you want to review the contents of an item before assigning a classification, click the URL link to open the item.

3Select a classification from the drop-down, then click [Reclassify].

Unable to Classify RECLASSIFY

You will be prompted to confirm the action before continuing.

CAUTION:  Once you reclassify an item, the drop-down becomes disabled and the item cannot be reclassified again.  If Compliance Actions have already been applied to the scan job containing the item(s), the Reclassify option will no longer appear on the page.

Once an item has been reclassified:

·it will be moved to the appropriate tab for the classification

AND

·the classification change(s) will be reflected on the Compliance Summary page.

Managing Quarantined Documents

If you are a member of the ControlPoint Quarantine Administrators group, you can manage items that have been quarantined as a result of a Compliance Action.  When an item is quarantined, it remains in the same location in the SharePoint list, but all permissions—except those of ControlPoint Quarantine Administrators—are removed.

Currently, members of the Quarantine Administators group must

§be a Site Collection Administrator for each site collection containing quarantined content (in order to invoke the Manage Quarantine Documents page from the SharePoint Hierarchy)

OR

§also be a member of the Compliance Administrators Group.

To manage quarantined items:

1Use the information in the following table to determine the appropriate action to take.

If you are starting from ...

Then ...

the SharePoint Hierarchy

a)Select the object(s) containing the quarantined items you want to manage.

b)Choose Compliance > Manage Quarantined Documents.

the Compliance Summary page

a)Make sure the Compliance Action jobs radio button is selected.

b)Select the Scan job containing the quarantined items you want to manage.

c)Click [Manage Quarantined Items].

Manage Quarantined Items

2Select the quarantined item(s) you want to act on.

Manage Quarantined Document

3If you want to review the content of a quarantined item before taking an action, click the Document link in the View column.

Now you can either:

·remove the item from quarantine

NOTE:  When you remove an item from quarantine, it is restored in its original location with the same permissions it had before it was quarantined.

OR

·permanently delete the file(s).

Reporting on Sensitive Content Activity

If you are a member of the ControlPoint Compliance Administrators group, you can use the ControlPoint Sensitive Document Activity report to view detailed information about documents analyzed by Sensitive Content Manager that:

·have been identified as "sensitive content" (that is, have been assigned a Severity Level)

AND

·have been accessed by at least one SharePoint user.

NOTE:  This report includes sensitive content identified both from realtime scans and as a result of the enforcement of ControlPoint Policies.

Before you can report sensitive document activity:

·Auditing must be enabled for each list or library for which you want to report sensitive document activity.  You can enable these settings for individual site collections from within SharePoint or, for a larger scope, using the ControlPoint Manage Audit Settings action.

·At least one Compliance scan must have been returned by Sensitive Content Manager with items that have been assigned a Severity Level.

To report sensitive document activity:

1Select the object(s) for which you want to report sensitive document activity.

2Choose Compliance > Sensitive Document Activity.

Sensitive Document Activity Report

The tiles at the top of the report highlight the following statistics for the selected time period (by default, the past month):

·Total Number of SCM (Sensitive Content  Manager) Classified Documents

·Sensitive Documents Accessed (that is, the number of times a document identified as having sensitive content has been accessed by a SharePoint user)

NOTE:  The number of times the System Account has modified the Scan Results field for the item on the SharePoint list will be included in this value unless the ControlPoint Configuration Setting Add Scan Results Column to Scanned SharePoint List is set to false.  Details can be found in the ControlPoint Administration Guide.

·Users Accessing Sensitive Documents (that is, the number of unique SharePoint users who have accessed documents identified as containing sensitive content)

·Realtime Scanning (that is, the number of days since the last realtime scan was performed)

To filter results that display in the body of the report:

1.Choose a different severity level from the Filter drop-down and/or modify the default date range.

Sensitive Document Activity FILTERS

2.Click [Refresh].

Graph Tab

The Sensitive Document Activity report Graph tab illustrates the Activity Count by Sensitivity for the selected Severity Level(s) and date range.

Note that you can click a Severity Level in the legend at the right side of the page to hide/display it.

Sensitive Document Activity GRAPH 2

Files Tab

The Sensitive Document Activity report Files tab lists all of the documents the Content Sensitive Manager identified as "sensitive content" for the selected Severity Level(s), grouped by list or library.

Note that this tab displays all content sensitive classified documents for the selected Severity Level(s), regardless of whether they have been accessed, and the date range filter does not apply.

Sensitive document Activity FILES

Users Tab

The Users tab lists the SharePoint users who have accessed documents with sensitive content within the specified time period, along with the Number of Docs Accessed.

Activity Tab

The Activity tab lists each individual instance of sensitive content activity, including the User Name. Activity Type, document Severity Level and Activity Date.

Related Documents