User Guide
Glossary of Terms

A worker process, installed locally or on a remote VM, capable of scanning and evaluating locations for sensitive data.

The on-premise agent interface that an end user can launch on an endpoint.

An Agent Policy is a set of rules for the agent to follow.

An Asset or Data Asset is a location, local or remote (such as cloud-based), that contains Targets (a Target is any data location inside an Asset that SDP can scan).
- For example, an SQL server (Asset) with multiple SQL Databases hosted on it (Targets)
A location can be both an Asset and a Target.
- For example, a workstation (Asset and single Target)

The action of applying a label to a location via the file system, directly within the file metadata, or within the SDP database.

Defined data structures that represent different types of sensitive data, such as a credit card number, password, or social security number.

An end-user-provided list of terms that the Sensitive Data Engine (SDE) can look for.

The action of scanning a file system to find files and folders OR databases / blob stores to identify data locations.

A group of agents configured to scan targets and collectively work to complete that scan.

A simple data type that is an exact case-sensitive match.

The amount of time elapsed since the agent sent a signal indicating it was active/ready.

An end-user who is directly logged into a given computer (that is, "At the keyboard" and not through Remote Desktop/RDP).

A scan match result such as "c:\temp\chat.docx".
A Location can have one to many matches.

Unmanaged data refers to data that is stored and managed by the data owner or organization, who is responsible for all aspects of data management:
- Infrastructure
- Security
- Maintenance
Unmanaged data is often stored in various locations without a clear management structure.
Unmanaged data often lacks proper access controls, encryption, and regular security audits.
Without proper oversight, unmanaged data is more vulnerable to breaches, malware, and other security threats.
This contrasts with Managed data, where a third-party provider, such as Microsoft Azure or AWS, handles these responsibilities.
- Unmanaged data example: Running a database on your own servers, where you manage the hardware, software, and security yourself.
- Managed data example: Using a managed database service where a cloud provider handles the underlying infrastructure, software, and database management.

An instance of Sensitive Data, such as a single credit card number, found in a Location.
Each individual match is unique.

Spirion’s password syntax rules are as follows:
The password must be at least 10 characters long, and a minimum of:
- 1 alpha character
- 1 uppercase
- 1 lowercase
- 1 number
- 1 special character
Use only passwords which conform to these rules.

Personally Identifiable Information.
Any information that can identify a person.
Examples include: name, address, social security number, telephone number, email address, gender, race, birth date, and medical, educational, financial and employment information.

A sequential set of rules which define the action(s) to be taken when performing a scan.
For example, refer specific matches to a specific department for review and remediation.

The administrative view for creating and defining a playbook.

The end user view for investigation and remediation of matches.

Settings that determine how an agent operates at its base state.

A common method of finding patterns within blocks of text.

Remediation refers to the process of identifying and correcting data issues, such as errors, inconsistencies, or inaccuracies, to improve data quality, security, and compliance.
It's a proactive approach to addressing vulnerabilities and ensuring data is accurate, complete, and consistent, thereby mitigating risks and adhering to regulations.

Scans are the searches that agents perform on endpoints (targets) to find either the file locations (Discovery Scan) or find specific data types (Sensitive Data Scan) within the files and folders.

See Sensitive Data Scan below.

Settings that determine what is scanned, where scans occur, which agents perform the scan, and what configuration options are used during that scan.
For Sensitive Data Scans this includes a Playbook.

The action of scanning within a file, folder, database, or blob stores for specific data type matches.

This type of scan enables you to search for sensitive data, such as a credit card number, password, or social security number, within defined Targets and take actions on them based on the playbook rules defined for them.

Search engine logic created by end-users to find custom data types with accuracy.

Search engine used for classification comprised of various modules (for example, RegEx, Dictionary, Keyword, and so on).

Settings that are required but not configurable by the user.

Settings that are used until changed by a user.

A Tag is a kind of container.
A Tag is a manual or dynamic group of Targets (such as Marketing Laptops or HR Databases).
There are three types of Tags:
- IP Range
- Manual
- Conditional
You can select the Targets for your Tag manually, or you can define the conditions that determine which Targets are placed into your Tag.
See Tag Management.

Any data location within an Asset that SDP can scan.
Targets can be in a “physical” box that can be scanned or they can be in a cloud asset.
- Examples:
  - Targets in Local Assets: SQL Databases on a local SQL server
  - Targets in Cloud Assets:
    - Databases on Amazon S3, Azure Blob, Bitbucket, Google Drive
    - File Directories in SharePoint
  - Targets in Email:
    - Exchange On-Prem email which is housed on a local server
    - Exchange Online email which is housed in the cloud
  - Targets in Virtual Machines: databases on an Oracle VM, Amazon EC2, etc.

User Level Remediation.
Empowers the end user to address sensitive data policy violations, issues or risks and resolve them.
For example, a physical machine such as a local laptop or desktop or a cloud asset with data such as Amazon S3 or SharePoint.

Job for the agent to do (for example, Discovery, Classification, Remediation).

The logic and actions to be performed automatically when matches are validated.