Enterprise Recon 2.11.0

Download ER 2.11.0 User Guide (PDF)

Investigate Page User Interface

This section covers the following:

Investigate Page Components

Below are the components found in the Investigate page:
Components in the Investigate page. Components in the Investigate page with Match Inspector.

Component Description
Results Grid

Displays the match results across all Targets. Target Group tags indicate the Target Group that the Target belongs to, and filter tags describe the filters that are applied to the match results set in the results grid.

Clicking on the arrow to the left of the Target name expands to show all match locations within a Target. Match results should then be reviewed and remediated where necessary.

Sort Match Locations Display match results within a Target by the selected sort order (e.g. Location, Owner, Status, Sign-Off, Matches). See Sort Match Locations for more information.
Filter Locations By Display specific Targets or match locations according to the filter criteria. See Filter Targets and Locations for more information.
Columns Add, remove, and prioritze columns to display in the Results Grid. See Results Grid Column Chooser for more information.
Match Inspector Displays detailed information for a match location. See View Match Inspector for more information.
Remediate Perform remedial actions on selected Targets and match locations. See Remediation for more information.
This feature is only available to users with Remediate or Global Admin permissions.
Control Access PRO Perform access control actions on selected Targets and match locations. See Data Access Management for more information.
Classify PRO Manually classify or remove the MIP sensitivity labels for selected Targets and match locations. See Data Classification with MIP for more information.
This feature is only available to users with Classification or Global Admin permissions.
Trash Locations Remove scan results for specific locations or data types from a Target. See Trash Locations for more information.
Export Export a CSV report of the Targets and match locations that are selected in the results grid. See Export Match Reports for more information.
Target Options Target options dropdown menu to access Target reports, inaccessible locations, remediation logs and more. Dropdown menu to Edit Target, access Target Reports, Inaccessible Locations, Operation Log, Scan History and Scan Trace Logs.

Filter Criteria

The table below shows all filter criteria that can be selected and specified to show specific Targets and match locations in the results grid:

Filters Description
Path Keywords

Only show match locations that contain a given keyword in the path or file name. Partial string matching is supported.
Risk Profiles PRO Only show match locations that are mapped to specific risk profiles, or classified as specific risk levels.
  • <risk_profile_label>: Show all locations that are mapped to the selected risk profile, regardless of priority.
  • <risk_profile_label> (Prioritised): Show only locations where the selected risk profile is mapped as the highest priority profile.

See Risk Scoring and Labeling for more information.
Targets

Only show results for the selected Target Groups or Targets.
Target Types Only show results for the selected Target types.
File Formats Only show results for the selected file formats or content types.
Metadata Only show match locations that contain specific metadata information. Available metadata filters include:
  • Document - Owner, Created, Modified
  • Email - Sender Email Address, Date Sent. Partial string matching is supported.
  • Filesystem - Owner, Created, Modified
  • Object - Created, Modified. Supported for Google Cloud Storage objects.
Access PRO Only show match locations that are accessible by specific groups, users, or user classes. Use the following format to filter by domain groups or user: <domain>\<group or username>.

See Data Access Management for more information.

The Access filter will only apply to locations scanned or rescanned with ER 2.2 and above.
Classification PRO Only show match locations with the selected
  • Classification type (e.g. "Discovered", "Classified" etc), or
  • MIP sensitivity label(s). Selecting the "Deleted labels" option will show match locations that were last classified with MIP labels that are no longer active or valid.

See Data Classification with MIP for more information.

The Classification filter will only apply to locations scanned or rescanned with ER 2.2 and above.
Data Types Only show match locations that contain the selected data types.
Operation Status Only show match locations with the selected remediation, access control or classification status.
Advanced Filters Only show match locations that fulfil the conditions defined in the selected Advanced Filters.

To apply filter criteria, see Investigate.

Match Inspector Components

The Match Inspector window allows you to review the list of matches for a specific match location and evaluate the remediation options.

The following table outlines all components found in the Match Inspector window:

Components in the Match Inspector window.

Component Description
Match Inspector window header Displays the name of the path of the selected match location.
Label Tags that summarize additional information related to the match location, such as the current operation status, current delegated remediation status, associated risk profiles, and applied MIP classification.
Match Inspector tabs Displays important information that are categorized into four tabs: Details tab, [match count] tab, Risk Profiles tab, and Access tab. See Match Inspector Tabs for more information.

To review the details in the Match Inspector window, see Investigate.

Match Inspector Tabs

Tab Description
Details Displays the following information for the selected match location:
  • File type/platform type details shows information such as the metadata, file type, full path link of the match location, etc. Clicking the full path link will scroll and highlight the specific file or location under the "Location" column.
    • The fields shown in this tab depend on the file type and/or platform type of the selected match location.
  • Target Details section shows the Target name and Target group.
  • Classification section shows information on the data classification and MIP label (if applicable).
[Match count] Indicates the total number of matches (for "prohibited" and "match" severity levels) and displays different information about the matches. Components of [match count] Match Inspector tab.
  1. Match breakdown panel shows the overall match count and the match count by data type category. Clicking the icon next to the data type category will view the list of match samples. The maximum number of match samples that can be displayed is 1000.
  2. Match preview shows the match count breakdown per data type (in descending order, from the data type with the highest to the lowest count), the match samples, and the contextual data surrounding the match.
    • The icon shows match sample encoding format options: Plain text (ASCII), EBCDIC (used in IBM mainframes), Hexadecimal.
    • The Panel Close icon. icon hides the match breakdown panel to make more space for the match preview. The Panel Open icon. icon displays the match breakdown panel again.
Risk Profiles PRO Displays risk profile information mapped to the selected match location (if any), such as the priority, the risk profile label, and the risk level.
Access PRO Displays access permissions and ownership information for the selected match location.

PRO This feature is only available in Enterprise Recon PRO Edition. To find out more about upgrading your ER2 license, please contact Ground Labs Licensing. See Subscription License for more information.