Help Center
News
Help Center
News
Popular
Architecture and High-level Information
Scans
Agents
How to Use Dashboards
How to Use Data Asset Inventory
How to Install\Uninstall and Set Up Spirion Sensitive Data Platform
How to Use Logs
How to Manage Users and Roles
Settings and Resources
How to Use Agents SettingsHow to Use Data Retention SettingsHow to Use Notifications SettingsHow to Use Remediation SettingsHow to Use Scan SettingsHow to Use Updates SettingsHow to Use Global Ignore ListsData Asset Inventory SettingsPassword PolicySpirion Sensitive Data Platform Console Site Whitelist
Global Classifications
Global Data Types
SearchAPI
Script Repository
Additional Resources
Reports
Reporting API
Customer Support Articles

How to Use Remediation Settings

This topic describes the various options under the Remediation section of the Scans Settings page in Spirion Sensitive Data Platform.

How to Use Remediation Settings

To use Remediation settings, use the following steps:

  1. From the left side navigation menu, click Settings > Application Settings > Scans Settings.
  2. The Scans Settings page opens.
  3. Click the down arrow to expand the Remediation section.

  4. Complete the following fields:
  • Synchronize Classification Changes With Targets:
    • Enabled: Manual classification changes made to sensitive data matches on the Scan Results page of the Spirion console are synchronized with the endpoint (target).
      • This service task synchronizes the classifications between the database and agent.
        • For example, a "Public Classification" applied to a SSN number match in the Results page of the Console displays on the file in the Agent (using the Synchronize Classifications service task).
    • Disabled: No synchronization is performed
  • Classification Overlay Shape:
    • The shape of the classification overlay that displays when the Display Classification Icons setting is disabled or when there are no icons loaded for a classification.
    • Options:
      • Circle (default)
      • Square
  • Use This Algorithm When Creating File Hashes:
    • When using file hashes for Global Ignore Lists or adding file hashes to search locations in a policy, it is possible to specify the algorithm to be used for the hashing.
    • Changing this setting after hashes have been created invalidates any existing hashes.
    • The Console and all endpoints must be configured, in unison, to use the same file hashing algorithm.
    • The hash algorithm can be specified for endpoints with the following policy setting: Settings\Actions\Ignore\FileHash
    • Default algorithm: MD5

Quarantine Settings

Note: Global configurations can be overridden by quarantine locations set in individual Scan Playbooks.

Linux Quarantine File Path

Enter the Linux location to quarantine the files.

  • Local Agent machine, all files: <path>/<Quarantine_Folder>
    • Example: /home/AdminBob/Quarantine
    • This entry quarantines all files to the specified Linux folder on the local Agent machine
  • Mounted machine, all files: mnt/Quarantine
    • This entry quarantines all files to the specified quarantine folder on the specified mounted machine
  • Remote machine, all files: \\<IP_address>\<drive_letter>$\<Quarantine_Folder>
    • Example: \\10.0.2.163\c$\Quarantine
    • This entry quarantines all files to the specified path on the specified remote Windows machine
      Note: The file path syntax for Linux and Mac is different from that of Windows. The backslash '\' character in Windows is represented as a forward slash '/' in Linux/Mac.

Mac Quarantine File Path

Enter the Mac location to quarantine the files.

  • Local Agent machine, all files: <path>/<Quarantine_Folder>
    • Example: /Users/Admin/Quarantine
    • This entry quarantines all files to the specified Mac quarantine folder on the local Agent machine
  • Remote machine, all files: \\<IP_address>\<drive_letter>$\<Quarantine_Folder>
    • Example: \\10.0.2.163\c$\Quarantine
    • This entry quarantines all files to the specified path on the specified remote Windows machine

Windows Quarantine File Path

Enter the local or remote Microsoft Windows location to quarantine the files.

  • Local Agent machine, all files: <Drive_Letter>:\<Quarantine_Folder>
    • Example: C:\ScanData\Quarantine
    • This entry quarantines all files to the specified Windows drive (C:\ drive and folder on the local Agent machine
  • Remote machine, all files: \\<IP_address>\<drive_letter>$\<Quarantine_Folder>
    • Example: \\10.0.2.163\c$\Quarantine
    • This entry quarantines all files to the specified path on the specified remote Windows machine

Leave Behind Warning Text Content

Enter a text message that displays on files specifying the reason of quarantine.

  • To specify the source location, use the value %source%.
  • To specify the destination location, use the value %dest%.
  • To add a newline use the value %n%.

Redact Character Replacement

Enter the character you want to use in place of the text you are redacting.

Redact all but Last 4

  • Select, if applicable.


    Note: Global quarantine configurations for cloud locations are mostly done with the admin accounts.
    Note: Global configurations can be overridden by Playbook quarantine locations.

Amazon S3 Quarantine File Path

Specify the default folder to use for quarantining files discovered in an Amazon S3 cloud location.

  • This setting can be a single location or a list of locations, entered one per line.
  • Each item in the list must be specifically formatted to include the <path>, <user> (optional), and/or <admin> (admin account optional)
    • <user> is a specified S3 user account to the specified S3 location
    • <admin account> (optional) is an administrative account on S3 defined in the cloud storage configuration.
      • If the admin account is not included, the path applies to all administrative accounts defined in the configuration.
  • Supported Paths
    • Only cloud storage paths (as they appear in results without a file name)

Examples

Examples of quarantine paths for local and cloud destinations, in valid formats, are listed below:

  • Amazon S3, all files: Amazon S3: user/Quarantine_Folder
    • This entry quarantines all files on this cloud provider to the specified Amazon S3 quarantine folder
  • Amazon S3, admin user files only: Amazon S3: user/Quarantine_Folder,admin@domain.com
    • This entry quarantines only files in the specified admin account on this cloud provider to the specified Amazon S3 quarantine folder

Box Quarantine File Path

Specify the default folder to use to quarantine files discovered in a Box cloud location.

  • This setting can be a single location or a list of locations, entered one per line.
  • Each item in the list must be specifically formatted to include the <path>, <user> (optional), and/or <admin> (admin account optional)
    • <path> is any valid path
    • <user> is a specified Box user account to the specified Box location
    • <admin account> (optional) is an administrative account on Box Sync defined in the cloud storage configuration.
      • If the admin account is not included, the path applies to all administrative accounts defined in the configuration.
  • Supported Paths
    • Only cloud storage paths (as they appear in results without a file name)
    • Standard file system paths

Examples

Examples of quarantine paths for local and cloud destinations, in valid formats, are listed below:

  • Local Agent machine, all files: E:\Quarantine_Folder
    • This entry quarantines all files on this cloud provider to this local folder (E:\Quarantine_Folder) on the local agent
  • Local Agent machine, admin user files only: E:\Quarantine_Folder,admin@domain.com
    • This entry quarantines only files in the specified admin account on this cloud provider to this folder (E:\Quarantine_Folder) on the local agent
  • Box, all files: Box Sync: user@domain.com/Quarantine_Folder
    • This entry quarantines all files on this cloud provider to the specified Box Sync folder
  • Box, admin user files only: Box Sync Admin: user@domain.com/Quarantine_Folder,admin@domain.com
    • This entry quarantines only files in the specified admin account on this cloud provider to the specified Box Sync folder

Dropbox Quarantine File Path

Specify the default folder to use to quarantine files discovered in a Dropbox cloud location.

  • This setting can be a single location or a list of locations, entered one per line.
  • Each item in the list must be specifically formatted to include the <path>, <user> (optional), and/or <admin> (admin account optional)
    • <path> is any valid path
    • <user> is a specified Dropbox user account to the specified Dropbox location
    • <admin account> (optional) is an administrative account on Dropbox Sync defined in the cloud storage configuration.
      • If admin account is not included, the path applies to all administrative accounts defined in the configuration.
  • Supported Paths
    • Only cloud storage paths (as they appear in results without a file name)
    • Standard file system paths

Examples

Examples of quarantine paths for local and cloud destinations, in valid formats, are listed below:

  • Local Agent machine, all files: E:\Quarantine_Folder
    • This entry quarantines all files on this cloud provider to the specified drive and folder (E:\Quarantine_Folder) on the local agent
  • Local Agent machine, admin user files only: E:\Quarantine_Folder,admin@domain.com
    • This entry quarantines only files in the specified admin account on this cloud provider to the specified drive and folder (E:\Quarantine_Folder) on the local agent
  • Dropbox, all files: Dropbox Sync: user@domain.com/Quarantine_Folder
    • This entry quarantines all files on this cloud provider to the specified Dropbox Sync folder
  • Dropbox, admin user files only: Dropbox Sync: user@domain.com/Quarantine_Folder,admin@domain.com
    • This entry quarantines only files in the specified admin account on this cloud provider to the specified Dropbox Sync folder

Microsoft OneDrive Quarantine File Path

Specify the default folder to use to quarantine files discovered in a Microsoft OneDrive cloud location.

  • This setting can be a single location or a list of locations, entered one per line.
  • Each item in the list must be specifically formatted to include the <path>, <user> (optional), and/or <admin> (admin account optional)
    • <path> is any valid path to the files to be quarantined
    • <user> is a specified OneDrive user account to the specified OneDrive location
    • <admin account> is an administrative account on OneDrive defined in the cloud storage configuration.
      • If the admin account is missing, the path applies to all administrative accounts defined in the configuration.
  • Supported Paths
    • Cloud storage paths (as they appear in results without a file name)
    • Standard file system path

Examples

Examples of quarantine paths for local and cloud destinations, in valid formats, are listed below:

  • Local Agent machine, all files: E:\Quarantine_Folder
    • This entry quarantines all files on this cloud provider to the specified drive and folder (E:\Quarantine_Folder) on the local agent
  • Local Agent machine, admin user files only: E:\Quarantine_Folder,admin@domain.com
    • This entry quarantines only those files in the specified admin account on this cloud provider to the specified drive and folder (E:\Quarantine_Folder) on the local agent
  • OneDrive, all files: OneDrive For Business: user@domain.com/Quarantine_Folder
    • This entry quarantines all files on this cloud provider to the specified Microsoft OneDrive for Business quarantine folder
  • OneDrive, admin user files only: OneDrive For Business: user@domain.com/Quarantine_Folder,admin@domain.com
    • This entry quarantines only files in the specified admin account on this cloud provider to the specified Microsoft OneDrive for Business quarantine folder
    • Note: To quarantine files to Microsoft OneDrive, the entire location file path must be written in lowercase.

Google Drive Quarantine File Path

Specify the default folder to use to quarantine files discovered in a Google Drive cloud location.

  • This setting can be a single location or a list of locations, entered one per line.
  • Each item in the list must be specifically formatted to include the <path>, <user> (optional), and/or <admin> (admin account optional)
    • <path> is any valid path
    • <user> is a specified Google user account to the specified Google location
    • <admin account> is an administrative account on Google Drive defined in the cloud storage configuration.
      • If the admin account is missing, the path applies to all administrative accounts defined in the configuration.
  • Supported Paths
    • Cloud storage paths (as they appear in results without a file name)
    • Standard file system path

Examples

Examples of quarantine paths for local and cloud destinations, in valid formats, are listed below:

  • Local Agent machine, all files: E:\Quarantine_Folder
    • This entry quarantines all files on this cloud provider to the specified drive and folder (E:\Quarantine_Folder) on the local agent
  • Local Agent machine, admin user files: E:\Quarantine_Folder,admin@domain.com
    • This entry quarantines only those files in the specified admin account on this cloud provider to the specified drive and folder (E:\Quarantine_Folder) on the local agent
  • Google Drive, all files: Google Drive: user@domain.com/Quarantine_Folder
    • This entry quarantines all files on this cloud provider to the specified Google Drive quarantine folder
  • Google Drive, admin user files only: Google Drive: user@domain.com/Quarantine_Folder,admin@domain.com
    • This entry quarantines only those files in the specified admin account on this cloud provider to the specified Google Drive quarantine folder

SharePoint Quarantine File Path

Enter the SharePoint location as described below to quarantine the files.

Note: Quarantining SharePoint files to a remote file server is not supported at present.
  • Local Agent machine: <Drive_Letter>:\Quarantine_Folder
    • Example: C:\SharePointQuarantine
    • This entry quarantines all files to the specified drive (C🙂 and quarantine folder on the local Agent machine
  • SharePoint site: https://<SharePoint_site>/sites/QuarantineSite

Bitbucket Quarantine File Path

Bitbucket is not currently supported.

Microsoft Information Protection

Procedure:

  1. Next to Manage Protection (Authenticated), click the blue Manage button.
  2. The "Manage Protection" window opens.

    1. Enter your admin user account name in the Admin User Account Name field and click the blue Authenticate button.
    2. Authentication Code: Enter your authentication code provided from the authentication above in the box.
    3. Client ID: (Optional) Enter your unique client ID to be used for authentication.
    4. Client Secret: (Optional) Enter your unique client secret to be used for authentication.
    5. Tenant ID: (Optional) Enter your tenant ID to be used by the authenticating server.
  4. Click the Save button to save or the Cancel button to discard.
    Note: If you enter value in any of the optional fields, it is mandatory to add values in the other optional fields as well.
  5. In the Manage Label (Authenticated) section click the blue Manage button.

  6. The Manage Label pop-up window opens.
    1. Enter your admin user account name (user@domain.com) in the field Admin User Account Name and click the blue Authenticate button.
    2. Authentication Code: Enter your authentication code provided from the authentication above in the "Authentication Code" field.
    3. Client ID: Enter your unique client ID to be used for authentication.
    4. Client Secret: Enter your unique client secret to be used for authentication.
    5. Tenant ID: Enter your tenant ID to be used by the authenticating server.

  8. Click the blue Save button to save or the Cancel button to discard.


Was this article helpful?

Powered by Product Fruits