What is ULR (User Level Remediation)?

User Level Remediation (ULR) empowers end users to address (sensitive data) policy violations, issues or risks, and resolve them.

• End users can be alerted to a policy violation, such as storing passwords in plain text and take actions to remedy the problem, such as deleting the file or redacting the text.

Viewing Scan Results by Location

When viewing scan results by location, the location string has a diagonal-arrow icon next to it that launches the modal containing User Level Remediation controls.

Depending on the location and file type, unsupported actions are grayed out and cannot be selected.

There are two levels of remediation to consider:

• Location: Actions are applied to the entire location (shred, quarantine, classify, restrict access, redact, ignore).
• Match: Actions are applied to specific matches (redact, ignore, etc.).

It's important to note the following:

• Actions triggered by User Level Remediation controls show up in the audit log once completed, with an action history also available directly in the Scan Results table that is viewed by clicking the "i" icon in the corresponding column.
• User Level Remedation also introduces a centrally managed ignore list for agent-specific or global exclusions based on location or match result.
• The remaining User Level Remedation actions adhere to the values set globally in the console (quarantine/redact) or locally, in an Agent policy (shred).

Playbook Overrides

The ULR actions that apply to scan playbooks decisions are as follows:

• Incomplete (manual action) playbook decisions:
• • Scan results indicating "User Action/Intervention Required" resolve with a status of Overridden.
• Complete (automatic action) playbook decisions:
• • Scan results indicating "Complete" resolve with a status of Complete, Overridden.