ControlPoint. Sensitive Content Manager. April 20,

Similar documents
ControlPoint. for Office 365. User Guide VERSION 7.6. August 06,

ControlPoint. Evaluation Guide. November 09,

ControlPoint. Managing ControlPoint Users, Permissions, and Menus. February 05,

StoragePoint RestorePoint for StoragePoint

Content Matrix. Evaluation Guide. February 12,

ControlPoint. Native Installation Guide. February 05,

ControlPoint. Installation Guide for SharePoint August 23,

ControlPoint. Advanced Installation Guide. September 07,

ControlPoint. Quick Start Guide. November 09,

Monitoring Replication

ForeScout Extended Module for MobileIron

Metalogix ControlPoint 7.6

User Manual. ARK for SharePoint-2007

ControlPoint. User Guide VERSION 7.5. November 15,

ForeScout Extended Module for MaaS360

SAS Viya 3.3 Administration: Identity Management

FileLoader for SharePoint

Content Matrix Organizer

ForeScout Extended Module for VMware AirWatch MDM

FileLoader for SharePoint

Vision 360 Administration User Guide

Policy Manager in Compliance 360 Version 2018

Content Matrix Organizer

Info Input Express Network Edition

StoragePoint Large File Support Guide

Oracle Financial Services Regulatory Reporting User Guide MY STR. Release 2.4 October 2013

Netwrix Auditor for Active Directory

Tenable.io User Guide. Last Revised: November 03, 2017

Installation and Upgrade Guide

StoragePoint. Evaluation Guide. Publication Date: May 22, Copyright Metalogix International GmbH All Rights Reserved.

Web Client User Guide

Replicator Prioritizing Replication Events

User Scripting April 14, 2018

Managing Your Website with Convert Community. My MU Health and My MU Health Nursing

Colligo Engage Outlook App 7.1. Connected Mode - User Guide

StoragePoint Advanced Installation Guide

ForeScout Extended Module for Qualys VM

Have a question? Speak with a member of our team on

Netwrix Auditor for SQL Server

Forescout. eyeextend for MobileIron. Configuration Guide. Version 1.9

EMC Documentum Quality and Manufacturing

VMware AirWatch Integration with RSA PKI Guide

My Publications Quick Start Guide

ForeScout Extended Module for Tenable Vulnerability Management

User Guide. Version R94. English

User Guide. Version R92. English

Diagnostic Manager. User Guide VERSION August 22,

Document Management System GUI. v6.0 User Guide

CounterACT Afaria MDM Plugin

Welcome to the Investor Experience

Customer Compliance Portal. User Guide V2.0

Learning Series. Volume 8: Service Design and Business Processes

Test Information and Distribution Engine

DSS User Guide. End User Guide. - i -

BBVA Compass Spend Net Payables

Oracle Financial Services Regulatory Reporting User Guide SG STR. Release 2.4 October 2013

Electronic Appraisal Delivery (EAD) Portal. FHA EAD General User Guide

Extranet User Manager User Guide

Wholesale Lockbox User Guide

Administering isupport

Merchant Portal User Guide

Salesforce CRM Content Implementation Guide

Microsoft Office Groove Server Groove Manager. Domain Administrator s Guide

Expense: Process Reports

Contents Using the Primavera Cloud Service Administrator's Guide... 9 Web Browser Setup Tasks... 10

KeyNavigator Book Transfer

One Identity Starling Identity Analytics & Risk Intelligence. User Guide

StoragePoint. Selective Restore Manager Guide. Publication Date: Thursday, December 29, 2016

Production Assistance for Cellular Therapies (PACT) PACT Application System User s Guide

SAP BusinessObjects Live Office User Guide SAP BusinessObjects Business Intelligence platform 4.1 Support Package 2

REPORTING Copyright Framework Private Equity Investment Data Management Ltd

User Guide. Connect to: for use with SharePoint 2010 and 2013 version 1.0. June 2014 Issue 1.0

Colligo Manager 5.4 SP3. User Guide

Oracle is a registered trademark of Oracle Corporation and/or its affiliates. Other names may be trademarks of their respective owners.

System Administration Guide

Replicator. Enterprise API Guide VERSION January 04,

HP SmartTracker. User Guide

EMC Voyence Payment Card Industry Advisor. User s Guide. Version P/N REV A01

Table of Contents RURO, Inc. All Rights Reserved

RiskyProject Enterprise 7

DocAve Content Shield v2.2 for SharePoint

Scheduling Reports Launch the Scheduling Tool... 1 Description... 1 Overview of Scheduling Components... 2

A. INTRODUCTION... 2 B. SCOPE... 2 C. APPENDIX A... 2 D. CPD EPORTFOLIO LOGIN... 3 E. QUICK LINKS ON PRACTITIONER S HOME PAGE... 6 F. HOME PAGE...

ZENworks 2017 Audit Management Reference. December 2016

Salesforce CRM Content Implementation Guide

CLIQ Web Manager. User Manual. The global leader in door opening solutions V 6.1

Oracle Financial Services Common Reporting Standard Singapore User Guide. Release May 2018

Equitrac Embedded for Kyocera Mita. Setup Guide Equitrac Corporation Equitrac Corporation

Cisco Partner Support Service (PSS) User Guide - User Registration. April 07,

Creating Workflows. Viewing the Task Library. Creating a Workflow. This chapter contains the following sections:

Replicator. Evaluation Guide VERSION January 04,

Strategic Dashboard 7.2

Interstage Business Process Manager Analytics V12.1 Studio Guide

Administration guide. PRISMAdirect Configuration

ES CONTENT MANAGEMENT - EVER TEAM

USPTO Accommodation Point User Guide VERSION 1.0

ADMINISTRATIVE USER GUIDE FOR THE APTI-LEARN LEARNING MANAGEMENT SYSTEM (LMS)

EMC Documentum Quality and Manufacturing

Using WebNow to Process the Fund Establishment Form

Oracle Financial Services Common Reporting Standard User Guide. Release March 2017

Transcription:

ControlPoint Sensitive Content Manager April 20, 2018 www.metalogix.com info@metalogix.com 202.609.9100

Copyright International GmbH., 2008-2018 All rights reserved. No part or section of the contents of this material may be reproduced or transmitted in any form or by any means without the written permission of International GmbH. ControlPoint is a trademark of International GmbH. Windows SharePoint Services is either a registered trademark or a trademark of Microsoft Corporation in the United States and/or other countries. Other product and company names mentioned herein may be the trademarks of their respective owners. Technical Support For information about Technical support visit http://metalogix.com/support. Technical support specialists can be reached by phone at +1-202-609-9100. The level of technical support provided depends upon the support package that you have purchased. Contact us to discuss your support requirements. www.metalogix.com info@metalogix.com 202.609.9100

Contents Analyzing SharePoint Content for Compliance... 4 Installing and Configuring Sensitive Content Manager On Premises... 4 Registering for Sensitive Content Manager... 4 Compliance Administrators and Quarantine Administrators Groups... 5 Managing Sensitive Content Manager Users... 5 Managing Sensitive Content Manager Profiles... 7 Creating Sensitive Content Manager Profiles...8 Managing Compliance Search Terms... 9 Defining Compliance Action Rules... 11 Submitting Content to Sensitive Content Manager for Compliance Analysis... 12 Compliance Action Severity Levels...13 Managing Sensitive Content Manager Submissions... 13 Managing Compliance Action Scan Results...14 Acting on Compliance Analysis Results... 15 Managing Quarantined Items... 18 Reporting on Sensitive Content Activity... 19 Analyzing Scanned Files... 21 Changing Default Settings for Compliance... 23 Compliance Endpoints... 23 Compliance Alert Email Text... 25 Compliance Profile API Method (ComplianceProfileAPIMethod)... 26 Add Scan Results Column to SharePoint List (IncludeTextWhenScanning)... 27 www.metalogix.com info@metalogix.com 202.609.9100

Analyzing SharePoint Content for Compliance If your ControlPoint license includes Compliance functionality, you can use the Sensitive Content Manager (SCM) to scan content for sensitive content, then specify an action to take based on the type/severity of the information found. NOTE: If your ControlPoint license does not include Sensitive Content Manager, this funcitonality will be hidden. Compliance Functionality Process Overview The process for using Sensitive Content Manager to implement ControlPoint Compliance functionality is described below. A. ControlPoint Compliance Administrators register for Sensitive Content Manager. B. ControlPoint Compliance Administrators define Compliance Action Rules. C. ControlPoint Compliance Administrators submit content to Sensitive Content Manager for analysis. D. ControlPoint Compliance Administrators manage Compliance Actions. Installing and Configuring Sensitive Content Manager On Premises If you are using Sensitive Content Manager Server (the on-premises edition of Sensitive Content Manager) as an alternative to Sensitive Content Manager (Cloud edition), refer to the Sensitive Content Manager Server Installation Guide, which is also provided with your Sensitive Content Manager installation kit, for complete instructions. Before using Sensitive Content Manager Server via ControlPoint, the ControlPoint Application Administrator must change the Compliance Endpoints, which by default are configured for Cloud Services. Registering for Sensitive Content Manager The first time a member of the ControlPoint Compliance Administrators group invokes ControlPoint Compliance functionality, that user will be prompted to register with Sensitive Content Manager. The credentials you use depend on the installation: If you will be using Sensitive Content Manager (Cloud edition) to analyze content, will provide this information. If you will be using Sensitive Content Manager Server edition to analyze content, enter your email address and a password of your choice. 4

Once registration has been completed, members of the ControlPoint Compliance Administrators group can begin to use ControlPoint with Sensitive Content Manager. Compliance Administrators and Quarantine Administrators Groups If your organization is licensed for Sensitive Content Manager, only individuals who have been added to the following group(s) in the ControlPoint Configuration Site will be permitted to perform Compliance actions: ControlPoint Compliance Administrators - Individuals permitted to access ControlPoint Compliance functionality. ControlPoint Quarantine Administrators - Individuals permitted to manage quarantined content. Currently, members of the Quarantine Administators group must be a Site Collection Administrator for each site collection containing quarantined content (in order to invoke the Manage Quarantine Documents page from the SharePoint Hierarchy) OR also be a member of the Compliance Administrators Group. Managing Sensitive Content Manager Users Sensitive Content User Maintenance functionality can be used by members of the ControlPoint Compliance Administrators group to register or delete other Sensitive Content Manager users, as an alternative to having users self-register. To launch the Sensitive Content Manager User Maintenance page: From the Manage panel, choose Compliance > User Maintenance. The Sensitive Content User Maintenance page uses Auth Tokens to connect to the Sensitive Content Manager service, as well as Refresh tokens to prevent Auth tokens from expiring. Under normal circumstances, Auth tokens are auto-refreshed hourly and should never expire. Therefore, the [Refresh] option should only be only with guidance from Support. 5

To register Sensitive Content Manger users: 1 Click [Register] to display the Select Users dialog. 2 Enter the the user account that you want to register. NOTE: You can only register one user at a time, and the user you want to register must have a valid email address. 3 Click [Add] to add the user and display the Sensitive Content Manager Registration dialog. 4 Register the user for Sensitive Content Manager. 5 Complete Steps 1-4 for each user you want to register. NOTE: Make sure that all registered users are also members of the ControlPoint Compliance Administrators group. To "unregister" Sensitive Content Manager users: 1 Use the check box(es) to select the user(s) you want to unregister. 2 Click [Delete]. 6

NOTE: Unless you remove the unregistered users from the ControlPoint Compliance Administrators group, they will continue to be prompted to register whenever Sensitive Content Manager functionality is invoked Managing Sensitive Content Manager Profiles A Sensitive Content Manager Profile is a named collection of content search and analysis guidelines. SCM includes a number of "Standard" Profiles for detecting Sensitive Content, which include: Personally Identifiable Information (PII) Protected Health Information (PHI) Payment Card Industry (PCI) General Data Protection Regulation (GDPR) compliance. NOTE: continually adds new Standard Profiles, which cannot be modified or deleted. Members of the ControlPoint Compliance Administrators group can also create and manage custom Profiles by defining content search and analysis guidelines to use, as an organization's file analysis criteria may differ from those used in Standard Profiles. For example, you may want to create a custom Profile to group and weight a different subset of the predefined Search Terms, add custom Search Terms for sensitive data types, or analyze data that falls outside "standard" Profile definitions. Sensitive Content Manager Profile Components Sensitive Content Manager Profiles consist of the components described in the following table. Profile Component Description Search Term A word or any simple or complex alphanumeric pattern that represents sensitive information in a document. For example, in the PII Profile, these Search Terms are the personal identifiable information like a person's name, date of birth, financial account numbers, address, email address, etc. Each content search uses a set of Search Terms in a Profile. Regular Expression (Regex) The search syntax for a Search Term. The analysis engine matches the file contents with a Search Term based on the regex syntax specified in the Profile. You can define new Profiles that use the Standard Search Terms, or create Search Terms based on custom expressions. 7

Profile Component Description NOTE: Regular expressions for the predefined search terms are internally defined in the Search Term, and cannot be modified because they are not standalone regular expressions. Weight The degree of severity of a possible content match for a specific Profile. File Score That weight factor combined with the number of content matches encountered during an analysis job. File scores are calculated during a file analysis to determine the overall severity level of a document Creating Sensitive Content Manager Profiles To create a Sensitive Content Manager Profile: 1. From the Manage panel, choose Compliance > Profile Maintenance. 2 Click [Create]. 3 Enter a unique title for the Profile, as well as a description that will be visible to end users. 4 If you want to make the Profile private, uncheck the Make Profile Public box. IMPORTANT NOTE: A Private profile is available to the person who created the profile, as well as all users in the Operators role in Sensitive Content Manager. For Sensitive Content Manager Server, communication with ControlPoint is performed in the context of the Service Account, and all Profiles belong to that account. Therefore, Private Profiles are available to all members of the ControlPoint Compliance Administrators group. For Sensitive Content Manager (Cloud edition), Private Profiles are available for use by the person who created them, as well as users in the Operators role in Sensitive Content Manager (Cloud edition). 5. If different than the defaults, adjust the relative weights (that is, the degree of severity of a possible content match) for each threat level (Mild, Moderate, and Severe). NOTE: While default weight values are recommended guidelines, you can increase or decrease the relative weights between severity levels, and there is no upper limit to the range that can be entered. 6. From the Search Term List, select the Search Term(s) that you want to add to the Profile, then click [Add] to move the term(s) to the Profile Search Terms list. NOTE: If you want to include a Search Term that does not display in the list, you can create a custom Search Term. 7 Click [Create]. 8

8 To edit a custom Profle: 1 In the Compliance Search Terms Manager page, select the Public or Private Profile you want to edit, then click [Edit]. 2 Update fields as needed, then click [Update]. Note that Standard Profile is provided by acannot be edited or deleted. Managing Compliance Search Terms Sensitive Content Manager includes a number of out-of-the-box "standard" Search Terms for use in creating Profiles. These include terms related to: Personal Identification Information (PII) Payment Card Information (PCI) Protected Health Information (PHI) General Data Protection Regulation (GDPR) compliance. NOTE: Note that continually adds Standard Search Terms, which cannot be edited or deleted. Members of the Compliance Administrators can also create and maintain custom Search Terms to meet the organization's unique compliance needs. To access the Compliance Search Terms Manager page: From the Manage panel, choose Compliance > Search Terms Maintenance. To create custom Search Terms: 1 Click [Create]. 3 Enter a Search Term Title and Search Term Description as well as an Expression Name for the regex. 4. Enter a valid regex expression. NOTE: Do not enter any leading or ending slashes (/) 9

5. To test the validity of the expression: a) enter representative text in the Sample Text Goes Here: field. b) Click the [Test Expression] at the bottom of the dialog. A pop-up will display informing you that either: a match can be found for the text using the given regex OR a match cannot be found for the text using the give regex. 2 If you want to make the Search Term Private, uncheck the Make Search Term Public box. IMPORTANT NOTES: A Private Search Term is available to the person who created it, as well as all users in the Operators role in Sensitive Content Manager. For Sensitive Content Manager Server, communication with ControlPoint is performed in the context of the Service Account, and all Search Terms belong to that account. Therefore, Private Search Terms are available to all members of the ControlPoint Compliance Administrators group. For Sensitive Content Manager (Cloud edition), Private Search Terms are available for use by the person who created them, as well as users in the Operators role in Sensitive Content (Cloud edition). If a Private search Term is added to a public Profile, that search term will be visible publicly. 10

To edit a custom Search Term: 1 In the Compliance Search Terms Manager page, select the term that you want to edit, then click [Edit]. 2 Update fields as needed, then click [Update]. Note that any Search Term for which the regex is not visible is a Standard Search Term provided by that cannot be edited. For Sensitive Content Manager (Cloud edition), all fields on the dialog of an uneditable search term will be disabled. For Sensitive Content Manager Server, some fields on the dialog may appear enabled, but any changes you attempt to make will not be saved. Defining Compliance Action Rules Members of the ControlPoint Compliance Administrators group can define Compliance Action rules to determine how non-compliant content should be handled, based on the severity level detected. You can also specify that one or more users be alerted via email when a Compliance Action is taken. REMINDER: You must be registered for Sensitive Content Manager and a member of the ControlPoint Compliance Administrators group to use this functionality. To access the Compliance Actions page: Use the information in the following table to determine the appropriate action to take. To define Compliance Action rules: 1 Enter a unique name to create a new Compliance Action, or choose an existing action from the dropdown. WARNING: If you choose to Update Existing Compliance Actions, the changes will be applied to all scan jobs that use it going forward. 2 For each of the Severity levels (Mild, Moderate, and Severe), specify the action that should be applied when a threat is detected. You can choose to have ControlPoint: Take No Action on non-compliant content Quarantine non-compliant content Use an Approval Workflow to address non-compliant content Remove non-compliant content Note that an action must be defined for all three severity levels. You can navigate from one rule to the next via the Select actions for threat level: button. 3 If you want ControlPoint to send an email alert when a specified action is taken: a) Check the Alert Users box. b) Click [Create New User]. 11

c) Complete the Select Users for the user to which you want to send the alert. NOTE: Currently, you can only select one user at a time. Repeat substeps b) and c) for each user you want to alert. Submitting Content to Sensitive Content Manager for Compliance Analysis Members of the ControlPoint Compliance Administrators group can use the ControlPoint Analyze Content action to submit content to the Sensitive Content Manager where it will be scanned for potentially sensitive content. ControlPoint submits the following types of content for scanning: files within Document Libraries with the following extensions:.doc.docx.eml.msg.pdf.pps.ppt.pptx.xls.xlsx.txt items within most types of lists (with or without attachments that have any of the file extensions listed above). To submit content to Cloud Services for analysis: 1 Select the object(s) containing the items that you want to submit for analysis. 2 Choose Compliance > Analyze Content. REMINDER: You must be registered for Sensitive Content Manager and a member of the ControlPoint Compliance Administrators group to use this functionality. 3 Enter a name and description for the scan. 4 If different from the default (PII - Personal Identification Information), select a Profile for this scan from the drop-down. See also Managing SCM Profiles. 5 If you want to Resubmit files that have not changed since they were previously scanned, check this box. 12

NOTE: If you leave this box unchecked, previously-scanned files that have not changed will be excluded. 6 Include one or more list types from the list box. (If you also want to Include attachments, check this box.) 7 Now you can: run the operation immediately (by clicking [Analyze]) OR schedule the operation to run at a later time or on a recurring schedule OR save the operation as XML Instructions that can be executed at a later time. A ControlPoint Task Audit is generated for the submission. You can monitor the progress of the submission via the Sensitive Content Manager Submission Maintenance page. Compliance Action Severity Levels When content is analyzed by the Sensitive Content Manager, it is evaluated against the following three severity levels, as defined in the Sensitive Content Manager Profile used for the content analysis. Severe Moderate Mild Compliance Administrators specify the appropriate action to take for each severity level via the ControlPoint Compliance Actions page. Managing Sensitive Content Manager Submissions From the Sensitive Content Submission Maintenance page, ControlPoint Compliance Administrators can: monitor the progress of jobs that have been submitted to Sensitive Content Manager for compliance scanning delete one or more Sensitive Content Manager jobs re-submit previously scanned jobs view a detailed analysis of compliance scan results manage compliance actions To launch the Sensitive Content Submission Maintenance page: From the Manage pane, choose Compliance > Sensitive Content Submission Maintenance. In addition the current Status of each job (e.g., Crawling, Submitted, Analysis Completed), ControlPoint displays the number of items within each job that have been: 13

Submitted by ControlPoint to the Sensitive Content Manger service for scanning Uploaded to the Sensitive Content Manager service Reviewed (scanned) Skipped (omitted from the scan; for example, if Sensitive Content Manager was unable to read an item's contents) are Unsupported by the Sensitive Content Manager service NOTE: For a list of supported file types, see Submitting Content to Sensitive Content Manager. are In Queue (waiting to be scanned). Now you can: Delete selected jobs (as long as they are not currently being crawled or scanned) Resubmit selected jobs NOTE: When you resubmit a job from this page, it will be submitted exactly as originally defined. (For example, it will not include any files that have been added to a SharePoint list since the last scan.) However, any items that have been quarantined since the last scan will not be included in the submission. link to: a Detailed Analysis of compliance scan results the Compliance Summary page, where you can manage compliance scan results the ControlPoint Task Audit for the job. Managing Compliance Action Scan Results Members of the ControlPoint Compliance Administrators group can view and take action on Content Analysis scan job results returned by the Sensitive Content Manager via the Compliance Summary page. You can: view the details of a Compliance Action job apply Compliance Actions view detailed information about scan results for individual items (and reclassify items that returned from Sensitive Content Manager with a status of "Unable to Classify") if you are also a member of the ControlPoint Quarantine Administrators group, manage quarantined items save items of a particular severity level as a selection that can be used to perform ControlPoint operations. To manage Compliance Action scan results: 1 Select the object(s) containing the scan jobs you want to view/edit. 2 Choose Compliance > Compliance Summary. 14

NOTE: You can also access this page for a specific job from the Analyze Content page, via the Page View link 3 If you want to view jobs for a different date range, change the Start and/or End dates and click [Find Scan Jobs]. 4 Select the type of scan jobs you want to view/edit. Use the information in the following table for guidance. 5 Click [Find scan jobs]. 6 Select the job whose details you want to view. The following details about the selected job display beneath the grid: Classification Result Counts - The number of items that fall into each classification Scan information - Description of and metrics associated with the job itself Scan Results Summary - A pie chart that shows the distribution of items among classifications. To save items of a selected severity as a ControlPoint selection: 1. Select a classification from the 2 drop-down then click [Get Selection]. Follow the procedure for Saving and Re-Using a SharePoint Object Selection. Acting on Compliance Analysis Results From the Compliance Summary page, you can take a number of compliance actions on returned SCM scans. Use the information in the following table to determine the appropriate action to take. NOTE: Any option that is not valid for the result set is not available for selection. For example, if you are viewing Compliance Action jobs, the option to Apply Compliance Actions will be disabled. If you want to... Then... view more detailed from the Sensitive Content Submission Maintenance page,select the information about scan applicable Detailed Analysis View link. results for individual OR items (and, optionally, export results for closer from the Compliance Summary page, click [View Detailed Classification analysis) Analysis]. Note that there is a separate tab for each classification, with detail about each item for which scan results were returned. If you want to download a tabs-worth of results: a) Choose one of the following export formats: XLS format (for opening in a pre-2007 version of Excel) Excel XML format (for opening in Excel 2007 or later) PDF formal b) Click [Export]. 15

If you want to... re-classify an item that returned "Unable to Classify" manage quarantined items (and you are a member of the ControlPoint Quarantine Administrators group) apply Compliance Actions to the selected job Then... see Reclassifying Items Returned as Unable to Classify. If you want an action to be taken on any items that were returned by Sensitive Content Manager as 'Unable to Classify,' you must reclassify them before applying Compliance Actions to the scan job. see Managing Quarantined Items. a) From the Compliance Summary page, click [Apply Compliance Actions]. NOTE: This option is not available if you filtered results by Compliance Action Jobs. b) Either: select a previously-defined Compliance Action from the drop-down OR define a new Compliance Action. WARNING: If you choose to Update Existing Compliance Actions, the changes will be applied to all scan jobs that use it going forward. This is especially noteworthy in the case of ControlPoint Policies, because once the policy is created the most current definition of the Compliance Actions is applied automatically based on scan results. When finished, click [Apply actions to current scan]. view items for which Compliance Actions have been taken from the Compliance Summary page,, click [View Items Affected by Compliance Actions]. 16

If you want to... Then... Note that there is a separate tab for each action taken, with a list of items and the associated classifications returned by Sensitive Content Manager. If you want to download a tabs-worth of results: a) Choose one of the following export formats: XLS format (for opening in a pre-2007 version of Excel) Excel XML format (for opening in Excel 2007 or later) PDF formal b) Click [Export]. download items of a particular severity level (Mild, Moderate. or Severe) as a reusable selection on which you can perform ControlPoint operations a) from the Compliance Summary page drop-down to the right of the icon, select a Classification (Severity Level). b) Click [Get Selection]. You can now download and save the file, then upload it as a selection when performing a ControlPoint operation that involves list items. See Saving and Re-Using a SharePoint Object Selection. Reclassifying Items Returned as Unable to Classify If an item is returned from Sensitive Content Manager with a Classification of 'Unable to Classify,' it means that the service detected "probable" sensitive content but was unable to classify it definitively as sensitive content. You can, however, review the file and apply a classification manually before applying a Compliance Action to the scan job. If you want an action to be taken on any items that were returned by Sensitive Content Manager as 'Unable to Classify,' you must reclassify them before applying Compliance Actions to the scan job. To reclassify items returned as 'Unable to Classify': 1 From the Detailed Security Classification Analysis page, select the Unable to Classify tab. 2 Select the item(s) to which you want to apply a a particular classification. 17

NOTE: If you want to review the contents of an item before assigning a classification, click the URL link to open the item. 3 Select a classification from the drop-down, then click [Reclassify]. You will be prompted to confirm the action before continuing. CAUTION: Once you reclassify an item, the drop-down becomes disabled and the item cannot be reclassified again. If Compliance Actions have already been applied to the scan job containing the item(s), the Reclassify option will no longer appear on the page. Once an item has been reclassified: it will be moved to the appropriate tab for the classification AND the classification change(s) will be reflected on the Compliance Summary page. Managing Quarantined Items If you are a member of the ControlPoint Quarantine Administrators group, you can manage items that have been quarantined as a result of a Compliance Action. When an item is quarantined, it remains in the same location in the SharePoint list, but all permissions except those of ControlPoint Quarantine Administrators are removed. Currently, members of the Quarantine Administators group must be a Site Collection Administrator for each site collection containing quarantined content (in order to invoke the Manage Quarantine Documents page from the SharePoint Hierarchy) 18

OR also be a member of the Compliance Administrators Group. To manage quarantined items: 1 Use the information in the following table to determine the appropriate action to take. If you are starting from... Then... the SharePoint Hierarchy a) Select the object(s) containing the quarantined items you want to manage. b) Choose Compliance > Manage Quarantined Items. the Compliance Summary page a) Make sure the Compliance Action jobs radio button is selected. b) Select the Scan job containing the quarantined items you want to manage. c) Click [Manage Quarantined Items]. 2 Select the quarantined item(s) you want to act on. 3 If you want to review the content of a quarantined item before taking an action, click the Document link in the View column. Now you can either: remove the item from quarantine NOTE: When you remove an item from quarantine, it is restored in its original location with the same permissions it had before it was quarantined. OR permanently delete the file(s). Reporting on Sensitive Content Activity If you are a member of the ControlPoint Compliance Administrators group, you can use the ControlPoint Sensitive Document Activity report to view detailed information about documents analyzed by Sensitive Content Manager that: have been identified as "sensitive content" (that is, have been assigned a Severity Level) AND have been accessed by at least one SharePoint user. Before you can report sensitive document activity: Auditing must be enabled for each list or library for which you want to report sensitive document activity. You can enable these settings for individual site collections from within SharePoint. 19

At least one Compliance scan must have been returned by Sensitive Content Manager with items that have been assigned a Severity Level. To report sensitive document activity: 1 Select the object(s) for which you want to report sensitive document activity. 2 Choose Compliance > Sensitive Document Activity. The tiles at the top of the report highlight the following statistics for the selected time period (by default, the past month): Total Number of SCM (Sensitive Content Manager) Classified Documents Sensitive Documents Accessed (that is, the number of times a document identified as having sensitive content has been accessed by a SharePoint user) NOTE: The number of times the System Account has modified the Scan Results field for the item on the SharePoint list will be included in this value unless the ControlPoint Configuration Setting Add Scan Results Column to Scanned SharePoint List is set to false. Users Accessing Sensitive Documents (that is, the number of unique SharePoint users who have accessed documents identified as containing sensitive content) Realtime Scanning (that is, the number of days since the last realtime scan was performed) To filter results that display in the body of the report: 1. Choose a different severity level from the Filter drop-down and/or modify the default date range. 2. Click [Refresh]. Graph Tab The Sensitive Document Activity report Graph tab illustrates the Activity Count by Sensitivity for the selected Severity Level(s) and date range. Note that you can click a Severity Level in the legend at the right side of the page to hide/display it. Files Tab The Sensitive Document Activity report Files tab lists all of the documents the Content Sensitive Manager identified as "sensitive content" for the selected Severity Level(s), grouped by list or library. Note that this tab displays all content sensitive classified documents for the selected Severity Level(s), regardless of whether they have been accessed, and the date range filter does not apply. 20

Users Tab The Users tab lists the SharePoint users who have accessed documents with sensitive content within the specified time period, along with the Number of Docs Accessed. Activity Tab The Activity tab lists each individual instance of sensitive content activity, including the User Name. Activity Type, document Severity Level and Activity Date. Analyzing Scanned Files The Scanned Files by Search Term and Scanned Files by Scope analyses let you view all of the files that have been analyzed by SCM for sensitive content over a specified date range. To generate a Scanned Files analysis: 1 Select the object(s) you want to include in your analysis. 2 Select the appropriate option, based on how you would like to have results grouped: Compliance > Scanned files by Scope OR 3 Compliance >Scanned files by Search terms. Specif the parameters for your analysis. IMPORTANT: Currently, you can only Filter by Search Terms if you enter enter one complete search term (that is, you cannot filter by multiple or partial search terms). If you leave the Filter by Search Terms field blank, all search terms within the scope of your analysis will be included. If the Use cached data box is checked, results will include only files within the scope of your analysis that have been scanned. If this box is not checked (that is, the analysis is run on realtime data), results will also include items within the scope of your analysis that have not been scanned. Now you can either: run the operation immediately (by clicking the [Run Now] button) OR schedule the operation to run at a later time or on a recurring basis. 21

OR save the operation as XML Instructions that can be executed at a later time. If you chose to run the analysis on cached data, all of the files that have been scanned by the SCM service within the specified date range are listed, grouped either by scope or search term (depending on the analysis selected). If you ran the analysis on real-time data, results will also include items within the scope of your analysis that were Not Scanned. 22

Changing Default Settings for Compliance These configuration settings display in the ControlPoint Settings list under the category Compliance, and apply when your ControlPoint license includes Compliance functionality. Compliance Endpoints By default, endpoints for Sensitive Content Manager point to Sensitive Content Manager (Cloud edition). If, however, your environment uses Sensitive Content Manager Server (the on-premises version), the Value of each of these endpoints must be changed to point to the server on which Sensitive Content Manager Server is installed. Use the information in the following table for guidance. NOTE: These are Advanced settings. End Description poi nt Default (Cloud Services) Value SCM Server Value Web The URL for Cloud Services or Sensitive Servi Content Manager on premises authentication ces server for authenticating user when sending files. Endp oint for Com plian ce Auth entic ation (Co mpli ance Auth URL) https://login.onmetalogix.com http://<server.domain> Com plian cepr ofile Auth URL The URL for Cloud Services or Sensitive Content Manager on premises authentication server for authenticating user to retrieve profiles. https://login.onmetalogix.com Web Servi ces Endp oint The URL for Cloud Services or Sensitive Manager on premises service for retrieving profiles. (or if installed on multipe servers: http://<server.domain>:port) http://<server.domain> (or if installed on multipe servers: http://<server.domain>:port) https://scm.onmetalogix.com http://<server.domain> (or if installed on multipe servers: http://<server.domain>:port) 23

End Description poi nt Default (Cloud Services) Value SCM Server Value https://files.onmetalogix.com http://<server.domain> for Com plian ce Profi le Requ ests (Co mpli ance Profi leur L) Web Servi ces Endp oint for Com plian ce Scan Uplo ad (Co mpli ance Uplo adu RL) The URL for Cloud Services or Sensitive Content Manager on premises service for sending files Web Servi ces Endp oint for Com plian ce Scan Resu lts (Co mpli The URL for Cloud Services or Sensitive Content Manager on premises service for retrieving files job results (or if installed on multipe servers: http://<server.domain>:port) https://cajobs.onmetalogix.com http://<server.domain> (or if installed on multipe servers: http://<server.domain>:port) 24

End Description poi nt Default (Cloud Services) Value SCM Server Value ance Resu ltsu RL) Compliance Alert Email Text When a Compliance Action Rule specifies that an alert be sent, ControlPoint automatically sends an email for the applicable severity level to the appropriate user(s).. ControlPoint Application Administrators can, however, modify the default text, as described in the following table. If you want to change the text of the email that is sent to alerted user(s) when... Then change the Parameter of the ControlPoint Setting... the threat level is Mild ComplianceMildLevelThreatsE mailbody The document @@DocumentName@@ in the location @@ListUrl@@ contains content that has been identified as posing a Mild level of threat, and ControlPoint has taken the following compliance action: @@Action@@. the threat level is Moderate ComplianceModerateLevelThr eatsemailbody The document @@DocumentName@@ in the location @@ListUrl@@ contains content that has been identified as posing a Moderate level of threat, and ControlPoint has taken the following compliance action: @@Action@@. 25 From the default text...

If you want to change the text of the email that is sent to alerted user(s) when... Then change the Parameter of the ControlPoint Setting... the threat level is Severe ComplianceSevereLevelThreat The docment semailbody @@DocumentName@@ From the default text... in the location @@ListUrl@@ contains content that has been identified as posing a Severe level of threat, and controlpoint has taken the following compliance action: @@Action@@. No Where the following variables are used: @@DocumentName@@ is the name of the item that contains the non-compliant content. @@ListUrl@@ is the location of the list that contains the non-compliant item @@Action@@ is the Compliance Action that has been carried out. Compliance Profile API Method (ComplianceProfileAPIMethod) The ControlPoint compliance Profile API method is the endpoint to the Web Service that retrieves Profiles for use in identifying Sensitive Content. If ControlPoint was first installed prior to version 7.0, the ControlPoint Application Administer must update the Value of the ControlPoint Configuration Setting Compliance Profile API Method from api/v1.0/gettenantprofile to api/v1.0/profiledetails/gettenantprofile. NOTE: This is an Advanced setting. 26

Add Scan Results Column to SharePoint List (IncludeTextWhenScanning) By default, the first time a Compliance scan is performed on items in a SharePoint list, a column called Scan Results is created and the Severity Level populated for each item scanned. Each subsequent time a scan is performed, the Severity Level is populated for the scanned item. ControlPoint Application Administrators can, however, prevent this column from being created/populated by changing the Value of the ControlPoint Configuration Setting Add Scan Results Column to SharePoint List from true to false. NOTE: This is an Advanced setting. 27

28

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback