Scans Settings

 

• Overview

• Access Scan Settings

• Manage Scan Settings

• Manage Agents Settings

• Manage Remediation Settings

• Manage Updates Settings

• Manage Notifications Settings

• Manage a Custom Notification

  • Create a New Template

• Manage Data Retention Settings

• Global Ignore Lists

  • Ignore Versus Exclude

  • What is Global Ignore?

  • How to Use Global Ignore Lists

  • Required User Role Permissions

 

Overview

Scans Settings is where you manage your settings for:

• Scan Item Number and Load

• Target Preferences

• Remediation Settings

• Policy and Application Updates

• Notifications and Custom Notifications

• Data Retention

  Note: Changes to Scans Settings take effect the moment data is entered into any field.
  If you wish to retain a copy of the original settings when making updates if you need to revert back to the previous settings.

 

Access Scan Settings

To access the Scan Settings screen, use the following steps:

 

1. From the left menu, click Settings.
   
   
   

2. Click Application Settings.
   
   

3. To view sections in Scans Settings:

   1. Click a down arrow to expand a section.
      
      

   2. Click an up arrow to collapse a section.
      
      

 

Manage Scan Settings

To manage Scan Settings, use the following steps:

1. Click the down arrow to expand the section.
   
   

2. Fill in the following settings - note that only some of these settings apply to greyhound agents (v13.0 and later):

   • Minimum Load When Using Distributed Scanning (MB): When using Discovery Teams to scan a target, this is the minimum amount of data, in megabytes, that is assigned to each Discovery team member.

     • Amount of data from all targets is calculated and split into data sets, with no data set being less than the value of the minimum load unless the size of a data set is less than the value in the minimum load - it cannot be grouped with any other data sets, in which case a team member is assigned a data set smaller than the minimum load.

     • This setting is used only when load balancing is enabled.

     • These limits apply only to Sensitive Data Manager (SDM) agents (versions 12.6.1 and earlier), NOT greyhound agents (versions 13.0+)

     • Valid values: 0-999,998

     • Value of 0 disables this setting

     • Default: 2

   • Minimum Number of Items When Using Distributed Scanning: When using the minimum number of items while using distributed searching, this is the minimum amount of items that can be assigned.

     • These limits apply only to Sensitive Data Manager (SDM) agents (versions 12.6.1 and earlier), NOT greyhound agents (versions 13.0+)

     • Valid values: 0-999,999

     • Default: 20,000
       

   • Maximum Load When Using Distributed Scanning (MB): When using Discovery Teams to scan a target, this is the maximum amount of data, (in megabytes), that a team member scans.

     • The amount of data from all targets is calculated and split into data sets, with no data set exceeding the value of the maximum load - unless a single folder exceeds the value of the maximum load in which case that folder is not divided and is searched by a single team member.

     • These limits apply only to Sensitive Data Manager (SDM) agents (versions 12.6.1 and earlier), NOT greyhound agents (versions 13.0+)

     • Valid values: 1-999,999

     • Default: 5

   • Maximum Number of Items When Using Distributed Scanning: When using the maximum number of items while using distributed searching, this is the maximum number of items that can be assigned.

     • These limits apply only to Sensitive Data Manager (SDM) agents (versions 12.6.1 and earlier), NOT greyhound agents (versions 13.0+)

     • Valid values: 0-999,999,999

     • Default value: 100,000

   • Results Streaming Chunk Size: The size of the data chunks the agent sends to RabbitMQ as it is scanning, up to the max value set.

     • Default: 300000 (bytes)

     • Applies only to greyhound agents (versions 13.0+)

   • Delayed policy confirm: When this setting is disabled (not checked), which is the default setting, policies are processed, made available to the agent, and then applied by the agent.

     • The agent then reports the policy state to the Console and the agent can then request additional policies.

     • Policy confirmation is a resource intensive process and may lock agents or other service tasks, causing a negative performance impact.

     • If that happens, this setting should be enabled and the confirmation is executed by the Update Policy States service task at a later time instead of when an agent reports it.

     • Enabling this setting lowers the pressure on resources, but it does not prevent agents from checking for new policies.

     • If this setting is enabled, policies are still processed, made available to the endpoint and then applied by the endpoint.

     • However, there is no confirmation that the policy has been applied by the endpoint.

     • The Policies State on the Status tab shows as 'Pending Confirm'.

     • The Update Policy State service job needs to be executed to update this state.

     • When Delayed Policy Confirm is enabled, the Pending Confirm state is set for an agent after the agent confirms it policies.

     • The state clears after the service job has executed.

     • The setting should be enabled if the Console is experiencing problems with deadlocks or timeouts.

   • Apply multiple rows locations actions during import: If an action (shred, redact, quarantine, Restrict Access, ignore), has been applied to a location on the agent, when the action is reported to the Console during import the Console searches for all previously imported search results of this location and applies the same action to those search results.

     • In normal operations Spirion recommends this setting remain enabled (default).

     • If you find imports are taking an excessively long time to complete or there are timeouts occurring in the ServerService log, including ApplyMultiRowLocationActions in the text of the exception details, then you may disable this setting.

     • Disabling this setting accelerates results being imported into the Console database by applying the action only to the currently imported results and not to any previously imported results.

     • Default: Enabled.

     Note: If a distributed scan is not completing when run against a very large data set, set the thresholds to a minimum of 5 MB and a maximum of 10 MB and run the scan again.
     
     Contact your Customer Success Manager if you have any questions.

Manage Agents Settings

To manage Agents settings:

1. Click the down arrow to expand the section.
   
   
   
   
2. Complete the following settings:

• Agent search progress update intervals:

  1. Enter an interval (in seconds) for Agents to send search progress updates to the console.
  2. Minimum value: 60 (seconds)
  3. If a value less than 60 is entered, the value is automatically changed to 60 the moment you click elsewhere on the page or select another page
  4. Enabled by default
  5. Default value: 300 (seconds)

• Automatically update agent names:

  1. When enabled, the Console automatically updates the agent display name and host name when an agent's computer name changes.

  2. Disabled by default

  3. Computer name is communicated to the Console during initial agent registration and when search results are sent to the Console.

  4. When the Console processes the results for an agent, if the name provided with the agent GUID is different than the name stored in the database, the agent name is updated to the new name, (if this setting is enabled).

• Keep Agent Activity State History:

  1. When enabled, the Console records the various agents' states.

  2. The maximum states to keep determines how many states are recorded per agent.

  3. Agent states are statuses, such as when the agent is opened or closed, or when a search was started, paused, canceled or completed interactively.

     1. Agent statuses do not include states related to tasks which are initiated from the Console, or via a scheduled task policy.

• Automatically merge agents based on:

  1. When enabled, the Console automatically merges agents that have any or all of the specified criteria in common
  2. By default, all radio buttons are cleared and automatic agent merging is disabled
  3. Select one of the following options:
     1. Disable - Disables automatic agent merging
     2. Hostname - The hostname is generally the computer name assigned by the OS to an agent
     3. Mac Address - The Console tracks all MAC addresses for agents. As with IP addresses this also includes MAC addresses from all physical and virtual network adapters
     4. IP Address - The Console tracks all IPv4 addresses for agents. This includes all physical and virtual network adapters
     5. All - Includes Hostname, Mac Address, and IP Address

• Inherit permissions on targets from filter/IP tags:

  1. When enabled, if you create a role that has only permissions to a filtered/IP tag, that role also has permissions to the Targets within that filtered/IP tag.

  2. Enabled by default.

  3. When this setting is disabled and you create a role that only has permissions to a filtered/IP tag, the role does not have permissions to the Targets within that filtered/IP tag.

  4. To enable the role to have permissions to the Targets within the filtered/IP tag when the setting is disabled, you must also grant permissions for the role to a simple tag that contains the same endpoint within the filtered/IP tag or grant permission to the endpoint explicitly.

Manage Remediation Settings

• Overview

• Quarantine Settings

  • Linux Quarantine File Path

  • Mac Quarantine File Path

  • Windows Quarantine File Path

• Leave Behind Warning Text Content

  • Amazon S3 Quarantine File Path

  • Box Quarantine File Path

  • Dropbox Quarantine File Path

  • Microsoft OneDrive Quarantine File Path

  • Google Drive Quarantine File Path

  • SharePoint Quarantine File Path

  • Bitbucket Quarantine File Path

• Microsoft Information Protection

 

Overview

To manage Remediation settings, use the following steps:

1. Click the down arrow to expand the section.
   
   
2. Complete the following fields:

• Synchronize Classification Changes With Targets:
  • Enabled: Manual classification changes made to sensitive data matches on the Scan Results page of the Spirion console are synchronized with the endpoint (target).

    • This service task synchronizes the classifications between the database and agent.

      • For example, a "Public Classification" applied to a SSN number match in the Results page of the Console displays on the file in the agent (using the Synchronize Classifications service task).

  • Disabled: No synchronization is performed

• Classification Overlay Shape:

  • The shape of the classification overlay that displays when the Display Classification Icons setting is disabled or when there are no icons loaded for a classification.

  • Options:

    • Circle (default)

    • Square

• Use This Algorithm When Creating File Hashes:

  • When using file hashes for Global Ignore Lists or adding file hashes to search locations in a policy, it is possible to specify the algorithm to be used for the hashing.

  • Changing this setting after hashes have been created invalidates any existing hashes.

  • The Console and all endpoints must be configured, in unison, to use the same file hashing algorithm.

  • The hash algorithm can be specified for endpoints with the following policy setting: Settings\Actions\Ignore\FileHash

  • Default algorithm: MD5

Quarantine Settings

Note: Global configurations can be overridden by Playbook quarantine locations.

Linux Quarantine File Path

Enter the Linux location to quarantine the files.

• Local Agent machine, all files: <path>/<Quarantine_Folder>

  • Example: /home/AdminBob/Quarantine

  • This entry quarantines all files to the specified Linux folder on the local Agent machine

• Mounted machine, all files: mnt/Quarantine

  • This entry quarantines all files to the specified quarantine folder on the specified mounted machine

• Remote machine, all files: \\<IP_address>\<drive_letter>$\<Quarantine_Folder>

  • Example: \\10.0.2.163\c$\Quarantine

  • This entry quarantines all files to the specified path on the specified remote Windows machine

Note: The file path syntax for Linux and Mac is different from that of Windows. The '\' character in Windows is represented as '/' in Linux/Mac.

 

Mac Quarantine File Path

Enter the Mac location to quarantine the files.

• Local Agent machine, all files: <path>/<Quarantine_Folder>
  • Example: /Users/Admin/Quarantine
  • This entry quarantines all files to the specified Mac quarantine folder on the local Agent machine
• Remote machine, all files: \\<IP_address>\<drive_letter>$\<Quarantine_Folder>
  • Example: \\10.0.2.163\c$\Quarantine
  • This entry quarantines all files to the specified path on the specified remote Windows machine

 

Windows Quarantine File Path

Enter the local or remote Microsoft Windows location to quarantine the files.

• Local Agent machine, all files: <Drive_Letter>:\<Quarantine_Folder>
  • Example: C:\ScanData\Quarantine
  • This entry quarantines all files to the specified Windows drive (C:) and folder on the local Agent machine
• Remote machine, all files: \\<IP_address>\<drive_letter>$\<Quarantine_Folder>
  • Example: \\10.0.2.163\c$\Quarantine
  • This entry quarantines all files to the specified path on the specified remote Windows machine

Leave Behind Warning Text Content

• Enter a text message that displays on files specifying the reason of quarantine.

Redact Character Replacement

• Enter the character you want to use in place of the text you are redacting.

Redact all but Last 4

• Select, if applicable.
  
  

  Note: Global quarantine configurations for cloud locations are mostly done with the admin accounts.
  Also, global configurations can be overridden by Playbook quarantine locations.

 

Amazon S3 Quarantine File Path

Specify the default folder to use for quarantining files discovered in an Amazon S3 cloud location.

• This setting can be a single location or a list of locations, entered one per line.

• Each item in the list must be specifically formatted to include the <path>, <user> (optional), and/or <admin> (admin account optional)

• <user> is a specified S3 user account to the specified S3 location

• <admin account> (optional) is an administrative account on S3 defined in the cloud storage configuration.

  • If the admin account is not included, the path applies to all administrative accounts defined in the configuration.

• Supported Paths

  • Only cloud storage paths (as they appear in results without a file name)

Examples

Examples of quarantine paths for local and cloud destinations, in valid formats, are listed below:

• Amazon S3, all files: Amazon S3: user/Quarantine_Folder

  • This entry quarantines all files on this cloud provider to the specified Amazon S3 quarantine folder

• Amazon S3, admin user files only: Amazon S3: user/Quarantine_Folder,admin@domain.com

  • This entry quarantines only files in the specified admin account on this cloud provider to the specified Amazon S3 quarantine folder
    
    

 

Box Quarantine File Path

Specify the default folder to use for quarantining files discovered in a Box cloud location.

• This setting can be a single location or a list of locations, entered one per line.

• Each item in the list must be specifically formatted to include the <path>, <user> (optional), and/or <admin> (admin account optional)

• <path> is any valid path

• <user> is a specified Box user account to the specified Box location

• <admin account> (optional) is an administrative account on Box Sync defined in the cloud storage configuration.

  • If the admin account is not included, the path applies to all administrative accounts defined in the configuration.

• Supported Paths

  • Only cloud storage paths (as they appear in results without a file name)

  • Standard file system paths

Examples

Examples of quarantine paths for local and cloud destinations, in valid formats, are listed below:

• Local Agent machine, all files: E:\Quarantine_Folder

  • This entry quarantines all files on this cloud provider to this local folder (E:\Quarantine_Folder) on the local agent

• Local Agent machine, admin user files only: E:\Quarantine_Folder,admin@domain.com

  • This entry quarantines only files in the specified admin account on this cloud provider to this folder (E:\Quarantine_Folder) on the local agent

• Box, all files: Box Sync: user@domain.com/Quarantine_Folder

  • This entry quarantines all files on this cloud provider to the specified Box Sync folder

• Box, admin user files only: Box Sync Admin: user@domain.com/Quarantine_Folder,admin@domain.com

  • This entry quarantines only files in the specified admin account on this cloud provider to the specified Box Sync folder
    
    

 

Dropbox Quarantine File Path

Specify the default folder to use for quarantining files discovered in a Dropbox cloud location.

• This setting can be a single location or a list of locations, entered one per line.

• Each item in the list must be specifically formatted to include the <path>, <user> (optional), and/or <admin> (admin account optional)

• <path> is any valid path

• <user> is a specified Dropbox user account to the specified Dropbox location

• <admin account> (optional) is an administrative account on Dropbox Sync defined in the cloud storage configuration.

  • If admin account is not included, the path applies to all administrative accounts defined in the configuration.

• Supported Paths

  • Only cloud storage paths (as they appear in results without a file name)

  • Standard file system paths

Examples

Examples of quarantine paths for local and cloud destinations, in valid formats, are listed below:

• Local Agent machine, all files: E:\Quarantine_Folder

  • This entry quarantines all files on this cloud provider to the specified drive and folder (E:\Quarantine_Folder) on the local agent

• Local Agent machine, admin user files only: E:\Quarantine_Folder,admin@domain.com

  • This entry quarantines only files in the specified admin account on this cloud provider to the specified drive and folder (E:\Quarantine_Folder) on the local agent

• Dropbox, all files: Dropbox Sync: user@domain.com/Quarantine_Folder

  • This entry quarantines all files on this cloud provider to the specified Dropbox Sync folder

• Dropbox, admin user files only: Dropbox Sync: user@domain.com/Quarantine_Folder,admin@domain.com

  • This entry quarantines only files in the specified admin account on this cloud provider to the specified Dropbox Sync folder
    
    

 

Microsoft OneDrive Quarantine File Path

Specify the default folder to use to quarantine files discovered in a Microsoft OneDrive cloud location.

• This setting can be a single location or a list of locations, entered one per line.

• Each item in the list must be specifically formatted to include the <path>, <user> (optional), and/or <admin> (admin account optional)

  • <path> is any valid path to the files to be quarantined

  • <user> is a specified OneDrive user account to the specified OneDrive location

  • <admin account> is an administrative account on OneDrive defined in the cloud storage configuration.

    • If the admin account is missing, the path applies to all administrative accounts defined in the configuration.

• Supported Paths

  • Cloud storage paths (as they appear in results without a file name)

  • Standard file system path

Examples

Examples of quarantine paths for local and cloud destinations, in valid formats, are listed below:

• Local Agent machine, all files: E:\Quarantine_Folder

  • This entry quarantines all files on this cloud provider to the specified drive and folder (E:\Quarantine_Folder) on the local agent

• Local Agent machine, admin user files only: E:\Quarantine_Folder,admin@domain.com

  • This entry quarantines only those files in the specified admin account on this cloud provider to the specified drive and folder (E:\Quarantine_Folder) on the local agent

• OneDrive, all files: OneDrive For Business: user@domain.com/Quarantine_Folder

  • This entry quarantines all files on this cloud provider to the specified Microsoft OneDrive for Business quarantine folder

• OneDrive, admin user files only: OneDrive For Business: user@domain.com/Quarantine_Folder,admin@domain.com

  • This entry quarantines only files in the specified admin account on this cloud provider to the specified Microsoft OneDrive for Business quarantine folder
    
    

  Note: To quarantine files to Microsoft OneDrive, the entire location file path must be written in lowercase.

 

Google Drive Quarantine File Path

Specify the default folder to use to quarantine files discovered in a Google Drive cloud location.

• This setting can be a single location or a list of locations, entered one per line.

• Each item in the list must be specifically formatted to include the <path>, <user> (optional), and/or <admin> (admin account optional)

• <path> is any valid path

• <user> is a specified Google user account to the specified Google location

• <admin account> is an administrative account on Google Drive defined in the cloud storage configuration.

  • If the admin account is missing, the path applies to all administrative accounts defined in the configuration.

• Supported Paths

  • Cloud storage paths (as they appear in results without a file name)

  • Standard file system path

Examples

Examples of quarantine paths for local and cloud destinations, in valid formats, are listed below:

• Local Agent machine, all files: E:\Quarantine_Folder

  • This entry quarantines all files on this cloud provider to the specified drive and folder (E:\Quarantine_Folder) on the local agent

• Local Agent machine, admin user files: E:\Quarantine_Folder,admin@domain.com

  • This entry quarantines only those files in the specified admin account on this cloud provider to the specified drive and folder (E:\Quarantine_Folder) on the local agent

• Google Drive, all files: Google Drive: user@domain.com/Quarantine_Folder

  • This entry quarantines all files on this cloud provider to the specified Google Drive quarantine folder

• Google Drive, admin user files only: Google Drive: user@domain.com/Quarantine_Folder,admin@domain.com

  • This entry quarantines only those files in the specified admin account on this cloud provider to the specified Google Drive quarantine folder
    
    

 

SharePoint Quarantine File Path

Enter the SharePoint location to quarantine the files.

Note: Quarantining SharePoint files to a remote file server is not supported at present.

• Local Agent machine: <Drive_Letter>:\Quarantine_Folder
  • Example: C:\SharePointQuarantine
  • This entry quarantines all files to the specified drive (C:) and quarantine folder on the local Agent machine
• SharePoint site: https://<SharePoint_site>/QuarantineSite
  • Example: https://acmedev.sharepoint.com/sites/QuarantineSite
  • This entry quarantines all files to the specified SharePoint site quarantine folder on the specified remote SharePoint quarantine site
    
    

 

Bitbucket Quarantine File Path

Bitbucket is not currently supported.

 

Microsoft Information Protection

Procedure:

1. Next to Manage Protection (Authenticated), click Manage.

2. The Manage Protection window opens.
   
   
   

In the Manage Protection window, enter these settings:

• Admin User Account Name: Enter your admin user account name and click Authenticate.

• Authentication Code: Enter your authentication code provided from the authentication above in the box.

• Client ID: (Optional) Enter your unique client ID to be used for authentication.

• Client Secret: (Optional) Enter your unique client secret to be used for authentication.

• Tenant ID: (Optional) Enter your tenant ID to be used by the authenticating server.

3. Click Save to save or Cancel to discard.

   Note: If you enter value in any of the optional fields, it is mandatory to add values in the other optional fields as well.

In the Manage Label (Authenticated) section, do the following:

4. Click Manage.
   
   

In the Manage Label pop-up window, fill in the following:

• Admin User Account Name: Enter your admin user account name (user@domain.com) and click Authenticate.

• Authentication Code: Enter your authentication code provided from the authentication above in the box.

• Client ID: Enter your unique client ID to be used for authentication.

• Client Secret: Enter your unique client secret to be used for authentication.

• Tenant ID: Enter your tenant ID to be used by the authenticating server.
  
  

5. Click Save to save or Cancel to discard.
   
   

Manage Updates Settings

Use the following steps to manage your Updates settings:

1. Click the down arrow to expand the section.

• Check This URL for Policy Definitions Updates: Enter the URL that hosts your Policy Definitions.

• Automatically Check for Updates When Resources Page is Loaded for the First Time: Select, if applicable.
  

• Check This URL for Application Updates: Enter the URL that hosts your Application Updates.
  
  

Manage Notifications Settings

To manage Notifications Settings:

1. On the left of the Notifications row, click the down arrow to expand the section.
   
   
2. In the Purge Notifications section, select an option from the "Purge Dismissed Notification After" drop-down list.
   
   
   
   
3. In the Custom Notification section, you can manage existing custom notifications or create new ones.

Manage a Custom Notification

To manage custom notifications, use the following steps:

1. Locate a template in the list.
2. Use the toggle to change the deployed status.
   
   
3. To manage a template, click the more options menu.
   
   
4. Click Manage.
   
   
5. In the Manage Custom Notification pop-up window, make needed changes.
   
   
6. Click Update to save updates, Cancel to discard updates, or Delete to delete the template.

   Note: If you click the Delete button, it immediately deletes the template. There is no undo feature.

Create a New Template

Procedure:

1. In the Custom Notifications section, click New Template.
   
   
2. In the Create Custom Notification pop-up window, fill in the following:
   1. Name: Enter the template name.
   2. Subject: Enter a description of the template subject.
   3. Active: Use the toggle to change the Active status.
      
      
3. Body: Use the text editor to compose the body of the template.
   1. Use the toolbar to format the text and paragraphs, and to insert code and variables as needed.
      
      
4. Click Save to save the template or Cancel to discard.

Manage Data Retention Settings

To manage your Data Retention settings, fill in the following fields:

• Audit Data Retention:
  • Set the number of years to retain data.
  • A minimum of 5 years is required.
• Event History - Watcher:
  • Set the number months to retain Watcher Event history, if applicable.
• Gather data:
  • Set the number of days to gather data.
  • This number must be between 1 and 30 days.
• Scan results:
  • Set the number of months of scan results to retain.
  • This number must be between 1 and 12 months.
• Activity History:
  • Set the number of months of Incident history to retain.
  • A minimum of 12 months is required.
• Search History
  • Set the number of months of scanned location history to retain when using Differential Scanning.
    • Also see What is Differential Scanning?
  • After this set number of months, search history data is purged (deleted).
  • This number must be between 1 and 12 months.

Global Ignore Lists

Sensitive Data Platform version 13.6 introduces the Global Ignore List feature.

NOTE: The Global Ignore Lists section under Settings>Application Settings>Scans Settings appears only for users who are members of the Admin user role. All other user roles cannot view or use this feature.

Ignore Versus Exclude

Before using the Global Ignore List feature consider whether you want to ignore or exclude the sensitive data you are scanning for in your environment.

• Ignore - Global Ignore List: This Sensitive data matches (credit card numbers, social security numbers, personal addresses, etc.) that are entered into the Global Ignore List are scanned by Spirion Agents, along with all sensitive data, but the Agent is instructed to ignore the data.

  • Data marked Ignored does not appear in scan results, reports, or any Sensitive Data Platform dashboards

  • Note that the Ignore setting available from Playbooks differs from the Ignore performed by the Global Ignore List

• Exclude: Sensitive data matches that should be skipped (not scanned by Spirion Agents), must be set to Exclude. No identification or action of any kind can be applied to the data as it is identified and skipped by Spirion agents during the scanning process. The sensitive data to exclude is defined when you set up the scan (within the Sensitive Data Platform UI, Scans>All Scans>+Add Scan). See User Guide. To see information about excluding files or folders, see Create a Files & Folders Scan

What is Global Ignore?

Sensitive Data Matches such as social security numbers, or credit card numbers, etc., can be included in a Global Ignore List. Scans performed by Spirion Agents capture the sensitive data matches, but ignore them. The Sensitive data matches are not sent to the Sensitive Data Platform console and therefore are not visible in scan results, reporting, or dashboards.

This feature is useful to eliminate false positives - sensitive data matches which exist, but are considered invalid, because they are provided for context, examples, samples, training, or other means:

• Example dates of birth

• Sample social security numbers

• Fictitious credit card numbers

• For example, a sample piece of data provided on a form, such as a date of birth, which is always scanned, should be included in a Global Ignore List so that it does not register as a valid sensitive data match.

How to Use Global Ignore Lists

When you create a Global Ignore List with sensitive data matches, when Spirion Agents scan your data sources (Targets) any sensitive data discovered that matches an item in your Global Ignore List is ignored. The sensitive data match will not appear in reports, dashboards, or scan results.

• A Global Ignore List can contain either singular instances of unique data types or multiple instances of a data type captured using pattern-matching.

• For example, you may wish to ignore the social security number 000-00-0000 as it is an invalid number.

Pattern Matching

• Pattern matching is used to identify all sensitive data matches which meet the pattern criteria you set.

• Includes the AnyFind, Sensitive Data Definitions (SDD), and Search API identity types as options.

• Enabling the Pattern checkbox enables you to use a Regular Expression to match search results rather than matching a specific value.

• Example: In your environment, you have sample forms on your computer that use many different placeholders for completing Social Security forms, but they all begin with the number sequence 123-12. Enter the pattern ^123\-12 in the Match field and select Social Security Number as the Data Type to prevent the placeholder numerals from being displayed in search results, reports, or dashboards.

 

Add a Global Ignore List

Use the following procedure to create a new Global Ignore List.

1. Under Actions, select Create List.
   
   

2. Enter a descriptive name for the Ignore list that indicates what the list will contain.
   
   

3. Click Save.

4. Click the Add Match button.

5. Select the Data Type, such as personal address, telephone number, etc. to scan for (and set to ignore) from the drop-down menu.

   • Options include: AnyFind, Sensitive Data Definitions (SDD), and Search API identity types
     
     

6. In the Match field enter the specific data for Sensitive Data Platform agents to scan for and match.

   • The text entered in this field must be perfectly accurate.

   • IMPORTANT! This field is free text. This field does not validate its contents as a Match corresponding to the selected Data Type. It does not detect if the Pattern checkbox is checked.

   • The length of the match is unlimited. For example, this matches what services and the database allow.

   • Note: Different Global Ignore Lists can have the same matches.

7. Pattern check box:

   • The Pattern checkbox enables you to use a Regular Expression to match search results rather than matching a specific value. See Pattern Matching above.

   • If the data you entered in the Match field represents a pattern for Spirion agents to scan for, check the Pattern box.

8. Click Save.

9. When scans are performed Sensitive Data Platform agents will scan for and match the sensitive data or sensitive data pattern specified and ignore the data.

Delete a Global Ignore List

To delete a Global Ignore List, use the following procedure:

1. Navigate to the Scans Settings page.

2. Expand the section Global Ignore Lists.

3. Find the Global Ignore List you wish to delete.

4. Next to the list, select Actions, and then select Delete List.
   
   

5. Click Confirm to delete the list.
   
   

Delete a Sensitive Data Match from a Global Ignore List

To delete a Global Ignore List, use the following procedure:

1. Navigate to the Scans Settings page.

2. Expand the section Global Ignore Lists.

3. Find the Global Ignore List with the match you wish to delete.

4. Next to the Match select the more options menu with 3 vertical dots and select Delete.
   
   

5. Click Confirm to delete the match from the list. The Delete Match pop-up dialog specifies that by deleting this sensitive data match, it can be discovered and recorded in futures scans.
   
   

 

Required User Role Permissions

The Global Ignore Lists section appears on the Scans Settings page only for Admin users.

• Users who are not members of the Admin user role do not see the Global Ignore Lists section and cannot access it or use it.

• To add users to the Admin user role see Manage User Roles>USER ROLES tab.

• The Global Ignore Lists section does not show the matches content (or data) for other user roles

• The API for loading ignored matches data is also restricted to Admin users.