Run discovery and review report

Optionally run your discovery scenario and review the results.

About this task

After defining policies for discovering sensitive data and identifying datasources to search, you can run the classification process and review the results. Running the process and reviewing the results allows you to refine your policies, for example specifying additional search criteria if you find the results too broad. It may be necessary to go through several iterations of refining policies, running the process, and assessing the results before achieving the desired results.

Procedure

  1. Open the Run discovery section to test your discovery scenario.
  2. Click Run Now to begin.
    Attention:
    • Depending on the policies you have specified and the number of datasources you have selected to search, it may take several minutes or more to complete the process of identifying sensitive data. The process status is indicated next to the Run Now button, or you can monitor the process using the Guardium Job Queue.

      If progress indication does not begin and the Run Now button becomes enabled without indicating that results are available, save the scenario and try running the job again.

    • By default, the classifier uses count * to determine cardinality for random sampling. For Oracle datasources, Guardium also supports using database statistics to determine cardinality. For more information, see the DATA-CARDINALITY-FOR-SAMPLING-TABLES = STATISTICS custom property in the Oracle (Data Direct - SID) or Oracle (Data Direct - Service Name) documentation.
  3. When the discovery scenario has finished running, open the Review report section to see the results.
    • Use the Generation time menu to select the report instance to view.
    • The information icon lists the datasources included in the report.
    • Click the ../graphics/icon_settings.jpg icon to adjust report settings such as aliases and hierarchical groups.
    • Open the Process log to review detailed log information.
    • Use the Filter box to refine results (filtering is not supported with more than 10,000 results).
  4. While reviewing the results, you can define additional rules and actions based on the results.
    1. Select the row(s) containing data you want to define actions against.
    2. Click Add to Group to define a grouping action, or click Advanced Actions to define other actions such as alerting, logging, or ignoring.
    3. After completing the dialog to define an action, click OK to return to the results report.
      Attention:
      • Actions added from the results table are considered ad hoc actions that run only as invoked from the results table. These actions will not appear in the What to discover > Edit rule > Actions section of your discovery scenario, and they will not run automatically as part of the discovery scenario or related classification processes.
      • Use the Policy Builder to review, edit, and install alerting actions and access rules.
      • Use the Group Builder to review and edit grouping actions.
      • Use the Privacy Set Builder for to review privacy set actions.
      • Use the Incident Management tool to review policy logging actions.

Results

After running the search for sensitive data, monitor its status next to the Run Now button or using the Guardium Job Queue. You can use the Group Builder to review any grouping actions or the Policy Builder to review and install any alerting actions that were added from the results table.

What to do next

Optionally, continue to the next section of the discovery scenario, Audit.