Optionally run your discovery scenario and review the results.
About this task
After defining policies for discovering sensitive data and identifying datasources to search, you
can run the classification process and review the results. Running the process and
reviewing the results allows you to refine your policies, for example specifying additional search
criteria if you find the results too broad. It may be necessary to go through several iterations of
refining policies, running the process, and assessing the results before achieving the desired
results.
Procedure
- Open the Run discovery section to
test your discovery scenario.
-
Click Run Now to begin.
Attention:
-
Depending on the policies you have specified and the number of datasources you have selected to
search, it may take several minutes or more to complete the process of identifying sensitive data.
The process status is indicated next to the Run Now button, or you can
monitor the process using the Guardium Job Queue.
If progress indication does not begin and the Run Now button becomes
enabled without indicating that results are available, save the scenario and try running the job
again.
- By default, the classifier uses
count *
to determine
cardinality for random sampling. For Oracle datasources, Guardium also supports using database
statistics to determine cardinality. For more information, see the
DATA-CARDINALITY-FOR-SAMPLING-TABLES = STATISTICS custom property in the Oracle (Data Direct - SID) or Oracle (Data Direct - Service Name)
documentation.
-
When the discovery scenario has finished running, open the Review report
section to see the results.
- Use the Generation time menu to select the report instance to
view.
- The icon lists the datasources
included in the report.
- Click the
icon to adjust report settings such as aliases and hierarchical groups.
- Open the Process log to review detailed log information.
- Use the Filter box to refine results (filtering is not supported with
more than 10,000 results).
-
While reviewing the results, you can define additional rules and actions based on the
results.
-
Select the row(s) containing data you want to define actions against.
-
Click Add to Group to define a grouping action, or click
Advanced Actions to define other actions such as alerting, logging, or
ignoring.
-
After completing the dialog to define an action, click OK to return to
the results report.
Attention:
- Actions added from the results table are considered ad hoc actions that run only as invoked from
the results table. These actions will not appear in the section of your discovery scenario, and they will not run automatically as part of
the discovery scenario or related classification processes.
- Use the Policy Builder to review, edit, and install alerting actions and
access rules.
- Use the Group Builder to review and edit grouping actions.
- Use the Privacy Set Builder for to review privacy set actions.
- Use the Incident Management tool to review policy logging actions.
Results
After running the search for sensitive data, monitor its status next to the Run
Now button or using the Guardium Job Queue. You can use the
Group Builder to review any grouping actions or the Policy
Builder to review and install any alerting actions that were added from the results
table.
What to do next
Optionally, continue to the next section of the discovery scenario,
Audit.