Add a New Scan Playbook

 

Overview

Playbooks define the plan and actions that you can take on the results of your sensitive data scans.

See the available playbook remediation actions in the "Playbook Actions" graphic below.

  • Quarantine - Move files from one location to another location

  • Redact - Replace numerical and alpha characters in data with generic characters such as 'X' or '#'


  • Shred - Permanently deletes the file. Data sanitization techniques include: NIST Single Pass, DOD 3 Pass, and The Gutmann algorithm

  • Restrict Access - Restrict access to all but select groups (Administrators, file owner, etc.)

  • Encryption/Pseudo-anonymization - Provided by third-party integration partners

  • Execute Script - Batch or PowerShell script. This enables you to leverage third-party CLI capabilities

Playbook Actions

 

How to Add a new Scan Playbook

To add a new Scan Playbook:

  1. From the left menu, click Scans.

  2. Select Scan Playbooks.

  3. In the top right of the screen, click Actions.

  4. Click Add Playbook.

  5. In the New Playbook pop-up window, type the name and description of the playbook.

  6. Click Continue to create or Cancel to discard.

  7. Expand a section for how to do the following steps:

Decision Point

Procedure:

  1. Decision Point: Click the Decision Point icon to open the Decision Point pop-up window.

  2. Step Logic: In the Name box, type the name of the step logic.

    1. For example: MyStepLogic.

  3. Logic: Set your logic.

    • Left criteria drop-down list: Select an option. For example: Access Data.

    • Center criteria drop-down list: Select an option. (The options available are determined by the initial criteria choice.) For example: On.

    • All Day toggle: Set toggle to On for all day. Set toggle to Off to set a specific Date/Time.

      Note: The All Day toggle is only available for options that include date and time.

    • Right criteria drop-down list: Fill in as applicable. For example: 03/01/2021.

  4. To add a new group containing a filter value plus one additional value, click the plus icon.

  5. Select options from the left and center criteria drop-down lists as above.

  6. In the right criteria box, the available options are dependent on your previous choices.

    1. For example: Click the more options menu (...).

  7. In the Select Items pop-up window, do the following:

    1. Type an item to search in the Search box.

    2. Click the right arrow to select an item to add.

    3. Click the left arrow to remove an item from the list.

    4. Click OK to add the criteria or Cancel to discard.

  8. In the Decision Weight section, use the numeric up-down control to select a weight for the logic statement.

  9. Click Save to save the logic statement or Cancel to discard.

Note: Adding multiple filter criteria can affect the scan performance.

Note: Not all repositories support every logic scenario, so some logic statements will not function.

For example, many cloud repositories do not track Access Dates.

Select Action

  1. Select options from the Select Action drop-down lists:

Classification

  1. Select Classification from the Select Action drop-down list.

  2. Action Options: Select one from the drop-down list:

    • Perform Action on File and Databases

    • Perform Action on Databases Only

  3. Classification Type: Select one from the drop-down list:

    • New Classification: Adds a new classification to the search results.

    • Remove Classification: Removes a classification from the search results.

    • Replace Classification: Replaces a classification in the search results.

  4. Select Classification: Select an option from the drop-down list.

  5. Automate Action: Select to apply the action automatically.

User Action

  1. Select User Action from the Select Action drop-down list.

  2. In the Provide Instructions box, type the specific user action needed.

Assign

To assign a user or role:

  1. Select Assign from the Select Action drop-down list.
    1. Select User or Role: Select an option from the drop-down list.
    2. Automated Action: Select to apply the action automatically.

 

Notify

To notify assignees of results:

  1. Select Notify from the Select Action drop-down list.
    1. Custom Notification Template: Select an option from the drop-down list.
    2. Enter Email Address(es): Type the email address to notify. Click Enter on your keyboard to add multiple email addresses.
    3. Automated Action: Select to apply the action automatically.

MIP Label

To apply Microsoft Information Protection (MIP) labels to the results:

  1. Select MIP Label from the Select Action drop-down list.
    1. Select Microsoft Label: Select an option from the drop-down list.
    2. Label Application: Select an option from the drop-down list.
    3. Automated Action: Select to apply the action automatically.
    Note: This option requires purchase of a MIP license.


Remediation

Procedure:

  1. Select an option from the Remediation section of the Select Action drop-down list:

  • Restrict Access: Restrict access to specific users.

    • Do Not Restrict Access: Select an option from the drop-down list.

    • Automated Action: Select to apply the action automatically.

  • Quarantine: Quarantine paths are managed by the administrators in the Remediation section of the Scans Settings page.

    • Automated Action: Select to apply the action automatically.

  • Shred: Permanently deletes a file. No further action can be taken.

    • Automated Action: Select to apply the action automatically.

  • Redact: Redacts the results when the Spirion application is closed.

    • An example of a file with sensitive information redacted (using the 'X' character) is shown below.

    • Redaction settings are managed by the Admin in Platform Settings.

      Redaction File Example

    • Automated Action: Select to apply the action automatically.

  • Execute Script: Execute a script if there are results matching this rule.

    • Select an option from the Select Script drop-down list.

    • Automated Action: Select to apply the action automatically.

  • Take No Action: Take no action on the results.

    • Automated Action: Select to apply the action automatically.

  • Ignore: Ignore all future instances of a result.

    • Automated Action: Select to apply the action automatically.
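
What the Redact action described above does to a matched value, as an added illustration in Python (not Spirion's code): letters and digits inside each detected span become the mask character, while separators stay in place, which is an assumption drawn from the description "numerical and alpha characters". The `DATA_TYPES` patterns, the function names and the sample record are constructed for this example.

```python
import re

# Hypothetical detectors standing in for playbook data types; the patterns are
# simplified for illustration and are not the product's detection logic.
DATA_TYPES = {
    "Social Security Number": re.compile(r"\b\d{3}-\d{2}-\d{4}\b"),
    "Credit Card Number": re.compile(r"\b(?:\d{4}[ -]?){3}\d{4}\b"),
}


def find_matches(text, data_types=DATA_TYPES):
    """Return sorted, merged (start, end) spans for every data type match."""
    spans = sorted(
        m.span() for rx in data_types.values() for m in rx.finditer(text)
    )
    merged = []
    for start, end in spans:
        if merged and start <= merged[-1][1]:
            # Overlapping detections are merged so no character is skipped.
            merged[-1] = (merged[-1][0], max(merged[-1][1], end))
        else:
            merged.append((start, end))
    return merged


def redact(text, mask="X", data_types=DATA_TYPES):
    """Replace letters and digits inside matched spans with the mask character.

    Separators (dashes, spaces) are kept so the redacted text keeps its layout
    (assumed behaviour, see the lead-in).
    """
    if len(mask) != 1:
        raise ValueError("mask must be a single character")
    out, pos = [], 0
    for start, end in find_matches(text, data_types):
        out.append(text[pos:start])  # text outside a match is left untouched
        out.append("".join(mask if c.isalnum() else c for c in text[start:end]))
        pos = end
    out.append(text[pos:])
    return "".join(out)


# Constructed sample record (not real data).
SAMPLE = "Employee 1042: SSN 123-45-6789, card 4111 1111 1111 1111, ext. 5550"

if __name__ == "__main__":
    print(redact(SAMPLE))
    print(redact(SAMPLE, mask="#"))
```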

Complete Select Action

To complete a select action section:

  1. In an existing action, click the plus icon below the action box.

  2. Select Completed.

  3. The action is marked Complete.

  4. To reopen the action, click the X to the right of Complete.

Add Additional Select Actions

In an existing action, you can add a further decision flow below it or an action to the side:

New Decision:

  1. Click the plus icon at the bottom of the current action.

  2. Click Decision.

  3. Write the new step logic as defined in the Decision Point section.
  4. Select an action from the Select Action drop-down list. See Select Action for more details.

New Adjacent Action:

  1. Click the plus icon to the side of the current action.

  2. Select an action from the Select Action drop-down list. See Select Action for more details.


  3. To delete the new adjacent action, click the trash icon.

Note: To use a Playbook, you must mark all actions complete.

Manage Quarantine Paths

The Manage Quarantine Paths screen enables you to set a specific quarantine path other than the default setting.

To manage a quarantine path:

  1. In a playbook, click Actions then Manage Quarantine Paths.

  2. In the Quarantine Paths pop-up window, select one or more options from the drop-down list.

  3. Click outside of the drop-down list.
  4. Fill in the selected file paths.

  5. Click Save to save settings or Cancel to discard. See the example below for a local quarantine path of C:\quarantine.

Select Data Types

The Select Data Types pop-up window lists all the existing data types and actions you can take.

Manage Data Types

Procedure:

  1. In a playbook, click Actions then Manage Data Types.

Do one of the following:

  1. Select a data type tile.

  2. Type a data type in the search box and select the tile.

  3. Click Confirm to select this data type or Cancel to discard.

Edit a Data Type

To edit a data type:

  1. Click a data type tile. For example, Social Security Number.

  2. In the Edit Data Type pop-up window, make needed changes.

  3. Click Save & Update to save your changes or Cancel to discard.
  4. Click Confirm to update the data type or Cancel to discard.

Manage Classification

The Classification screen displays a searchable list of existing classifications.

Persistent Classification

Spirion can apply persistent metadata tags to supported files automatically via Playbook.

This can inform downstream reporting and edge systems about files that are moving around and possibly getting replicated to other systems.

It also provides a visual indicator to end users to inform them that a given file has been classified.

Procedure:

  1. In a playbook, click Actions then Manage Classification.

  2. In the pop-up window, select "Perform Action on File..." under Action Options.
  3. Select an option such as "Add Classification" under Classification Type.
  4. Select an option such as "Confidential" under Select Classification.


  5. Click outside of the drop-down list.
  6. Click Save to save settings or Cancel to discard.

Spirion Classified File Example

You can now classify a file from the Windows file sub-menu as shown below.

Manage Scripts

The Script Repository screen displays a searchable list of existing scripts.