Help Center
News
Help Center
News
Popular
Spirion Sensitive Data Platform v13.5 Released!How to Write a PlaybookarchTIS Acquires U.S. Data Security Firm Spirion to Accelerate Global Expansion and Expand Data-Centric Security OfferingHow to Configure Single Sign-On (SSO) Using Microsoft EntraHow To Configure Single Sign-On (SSO) using Okta Identity ManagementHow to Quarantine OneDrive Files
Architecture and High-level Information
Scans
Agents
How to Use Dashboards
How to Use Data Asset Inventory
How to Install\Uninstall and Set Up Spirion Sensitive Data Platform
How to Use Logs
How to Manage Users and Roles
Settings and Resources
Additional Resources
Reports
Reporting API
Customer Support Articles

How to Write a Playbook

A Scan Playbook must be selected whenever you create a sensitive data scan. When your sensitive data scan encounters data, Scan Playbooks dictate what data qualifies as a scan result and what remediation actions to take on that data, if any.

Overview

Playbooks are a unique feature of Spirion Sensitive Data Platform.

  • Playbooks dictate what data qualifies as a sensitive scan result and what remediation actions to take on that data, if any.
  • Remediation actions range from classification and assignment to using external tools like Microsoft Purview, PowerShell, and Python scripts.
  • With Playbooks you can tie decision logic to metadata attributes, ensuring nuanced processing based on factors like location, access control lists, modification/access dates, and more.
  • Playbooks enable you to execute manual actions for validation and approval, such as redaction or quarantine
  • Once your Playbook has been validated, you automate the playbook actions for application to larger sets of scan results.

Useful Tips for Building Playbooks

  • Make sure that if your playbook has multiple levels that you are automating the take no action layers of the levels OR they may not process and require user action to move forward
  • When you change a playbook, you must go to the scan that is using that playbook and reselect the playbook

How to Add a New Scan Playbook

Procedure:

  1. From the left menu, click Scans.
     
     
  2. Select Scan Playbooks.


     
  3. Click +Add Playbook in the top right corner.  

  4. From the pop-up window, add the Name and Description of the new Playbook.
  5. Click Continue to create the new Playbook.

Decision Point

The diamond shape in the middle of the diagram is where you set the logic to use.

Does the location you are scanning contain sensitive data such as:

  • Social security number?
  • Credit card number?
  • IMEI number?
  • Phone number?
  • Address?
  • SIN?
  • other personal, private, or sensitive data?

If found, what is the best course of action to take:

  • Shred (delete)?
  • Quarantine?
  • Restrict Access to the file with the sensitive data?
  • Notify a user of the discovery?
  • Assign a user or role to address the discovery
  • Classify the file?
  • other actions?

If the location you are scanning does not contains sensitive data ('No' path), what action must be taken:

  • Classify the file?
  • Restrict Access to the file with the sensitive data?
  • Notify a user of the discovery?
  • Assign a user or role to address the discovery
  • other actions?

Decision Point Requirements

NOTE: At least one Classification or Shred action must be set in a playbook ('Yes' or 'No' path). For example, if you use Take No Action on the 'No' path, then you must apply a Classification or Shred action on the 'Yes' path.

Step Logic

  • Step Logic No: Applies the action when a data match is not found.
  • Step Logic Yes: Applies the action when a data match is found.

Procedure:

  1. Decision Point: Click the Decision Point icon to open the Decision Point pop-up window.
  2. Step Logic: In the Name box, type the name of the step logic.
    1. For example: SSN Redact.
  3. Logic: Set your logic.
    • Left criteria drop-down list: Select an option. For example: Data Types.
    • Center criteria drop-down list: Select an option. (The options available are determined by the initial criteria choice.) For example: Contains.
    • Right criteria drop-down list: Select the triple dot menu to open the Select Items window. Search for your data type (in this example) such as social security number. Click the arrow to add it.
    • Click the OK button.
    • Optional: To add a new group containing a filter value plus one additional value, click the plus icon.

  4. In the Decision Weight section, use the numeric up-down control to select a weight for the logic statement. This decision weight is shown in the table on the Scan Results page under the "Priority (Weighting)" column.
  5. Click Save to save the logic statement or Cancel to discard.

Select Action

Procedure:

  1. Click the drop-down arrow next to Select Action
  2. Select an option from the drop-down list.

Classification

  • Choose whether to apply the classification to Files and Databases, or Databases only.
  • You can automate the action if needed.

Procedure:

  1. Select Classification from the Select Action drop-down list. 

  2. Action Options: Select one from the drop-down list:
    1. Perform Action on File and Databases
    2. Perform Action on Databases Only
       Perform Action on Database Only
  3. Classification Type: Select one from the drop-down list:
    1. New Classification: Adds a new classification label to the search results.
    2. Remove Classification: Removes an existing classification label from the search results.
    3. Replace Classification: Replaces a classification label in the search results.   

  4. Select Classification: Select an option from the drop-down list.  
  5. See for to manage classifications. 
     
  6. Select Automate Action to apply the action automatically.

User Action

  • Add instructions for the user.
  • Assign the task to a specific user or role.
  • Can be automated.

Procedure:

  1. Select a User Action from the "Select Action" drop-down list.

  2. In the Provide Instructions, add specific user actions needed. 
     
  3. Note: This action can be automated.

Assign User Role

  • Add a User Action for manual steps.
  • Assign tasks to a User or Role.
  • Decide whether the action should be automatic or require approval.

Procedure:

  1. Select Assign from the Select Action drop-down list.

  2. Select User or Role: Select an option from the drop-down list.

  3. Automated Action: Select to apply the action automatically. 
     

Notify Assignee of Results

  • Send results to specific users.
  • Use a notification template or custom email addresses.
  • Multiple emails can be added (press Enter after each).
  • Can be automated.

Procedure:

  1. Select Notify from the Select Action drop-down list. 
     
  2. Custom Notification Template: Select an option from the drop-down list.
  3. Enter Email Address(es): Type the email address to be notified.
  4. Click Enter on your keyboard to add multiple email addresses.
  5. Automated Action: Select to apply the action automatically. 

MIP Label

  • Apply Microsoft Information Protection labels
  • Choose the label and how it should be applied
  • Can be automated

NOTE: This option requires the purchase of a MIP license.

To use Microsoft Information Protection (MIP) labels to apply to the results:

  1. Select MIP Label from the Select Action drop-down list.
  2. Select Microsoft Label: Select an option from the drop-down list           
  3. Label Application: Select an option from the drop-down list
  4. Automated Action:  Select to apply the action automatically.

Remediation

  • All remediation steps can be automated

Procedure:

  1. Select an option from the Remediation section of the Select Action drop-down list:

    • Restrict Access: Restrict access to specific users.
      • Do Not Restrict Access: Select an option from the drop-down list.
      • Automated Action: Select to apply the action automatically.

    • Quarantine: Quarantine results to a preset location defined by admin in the Global Settings.
      • The Move File via Preset Path is pre-filled with a Quarantine location.
      • The location is set by the admin in Sensitive Data Platform Settings.
      • Automated Action: Select to apply the action automatically.

    • ShredPermanently deletes a file. No further action can be taken.
      • Automated Action: Select to apply the action automatically.

    • Redact: Redacts the results when the Spirion application is closed.
    • Execute Script: Execute a script if there are results matching this rule.
      • Select an option from the Select Script drop-down list.
      • Automated Action: Select to apply the action automatically.

    • Take No Action: Take no action on the results.
      • Automated Action: Select to apply the action automatically.

    • Ignore: Ignore all future instances of a result
      • Automated Action: Select to apply the action automatically.

Complete Select Action

To complete a select action section:

  1. In an existing action, click the plus icon below the action box.

     
  2. Select Completed.

     
  3. The action is marked Complete.

     
  4. To reopen the action, click the to the right of Complete. 

Add Additional Select Actions

In an existing action, you can create a decision flow by adding an action below or to the side:

  1. New Action
    1. Click the plus icon at the bottom of the current action. 

       
    2. Click Decision

       
       
    3. Select an action from the Select Action drop-down list. See User Action for more details.

       
  2. New Adjacent Action
    1. Click the plus icon to the side of the current action.

    2. Select an action from the Select Action drop-down list. See User Action for more details. 

    3. To delete the new adjacent action, click the trash icon.

                                                 
    4. NOTE: To use a Playbook, you must mark all actions complete.

Manage Quarantine Paths

The Manage Quarantine Paths screen enables you to set a specific quarantine path other than the default setting.

To manage a quarantine path: 

  1. In a playbook, click Actions then Manage Quarantine Paths.


     
  2. In Quarantine Paths pop-up window, select one or more options from the drop-down list.

  3. Click outside of the drop-down list.
  4. Fill in the selected file paths.

  5. Click Save to save settings or Cancel to discard.

Select Data Types

  • In a playbook, go to Actions > Manage Data Types.
  • Search for and select data types (e.g., Social Security Number).
  • Edit or update existing data types as needed.

The Select Data Types pop-up window lists all the existing data types and actions you can take.

Select Manage Data Types

  1. In the playbook, click Actions then Manage Data Types


     
  2. Do one of the following:
    1. Select a data type tile.

  3. Type a data type in the search box and select the tile.
  4. Click Confirm to select this data type or Cancel to discard.

Edit a Data Type

To edit a data type:

  1. Click a data type tile. For example, Social Security Number.

  2. In the Edit Data Type pop-up window, make needed changes.
  3. Click Save & Update to save your changes or Cancel to discard.

  4. Click Confirm to update the data type or Cancel to discard.

Manage Classification

The Classification screen displays a searchable list of existing classifications.

Manage Scripts

The Script Repository screen displays a searchable list of existing scripts.

Was this article helpful?

Powered by Product Fruits