Investigate Page User Interface

This section covers the following:

Investigate Page Components
Filter Criteria
Match Inspector Components
- Match Inspector Tabs

Investigate Page Components

Below are the components found in the Investigate page:
Components in the Investigate page.

Component	Description
Results Grid	Displays the match results across all Targets. Target Group tags indicate the Target Group that the Target belongs to, and filter tags describe the filters that are applied to the match results set in the results grid. Clicking on the arrow to the left of the Target name expands to show all match locations within a Target. Match results should then be reviewed and remediated where necessary.
Sort Match Locations	Display match results within a Target by the selected sort order (e.g. Location, Owner, Status, Sign-Off, Matches). Refer to Sort Match Location in the View Investigate Page section.
Filter Locations By	Display specific Targets or match locations according to the filter criteria. Refer to Filter Targets and Locations in the View Investigate Page section.
Columns	Add, remove, and prioritze columns to display in the Results Grid. Refer to Results Grid Column Chooser in the View Investigate Page section.
Match Inspector	Displays detailed information for a match location. Refer to View Match Inspector in the View Investigate Page section.
Remediate	Perform remedial actions on selected Targets and match locations. Refer to the Perform Remedial Actions section. This feature is only available to users with Remediate or Global Admin permissions.
Control Access PRO	Perform access control actions on selected Targets and match locations. Refer to the Manage Data Access section.
Classify PRO	Manually classify or remove the MIP sensitivity labels for selected Targets and match locations. Refer to the Integrate Data Classification (MIP) section. This feature is only available to users with Classification or Global Admin permissions.
Trash Locations	Remove scan results for specific locations or data types from a Target. Refer to Trash Locations in the View Investigate Page section.
Export	Export a CSV report of the Targets and match locations that are selected in the results grid. Refer to Export Match Reports in the View Investigate Page section.
Target Options	Dropdown menu to edit Target, access Target Reports, inaccessible locations, Operation Log, Scan History, and Scan Trace Logs.

Filter Criteria

The table below shows all filter criteria that can be selected and specified to show specific Targets and match locations in the results grid:

Filters	Description
Path Keywords	Only show match locations that contain a given keyword in the path or file name. Partial string matching is supported.
Risk Profiles PRO	Only show match locations that are mapped to specific risk profiles, or classified as specific risk levels. <risk_profile_label>: Show all locations that are mapped to the selected risk profile, regardless of priority. <risk_profile_label> (Prioritised): Show only locations where the selected risk profile is mapped as the highest priority profile. Refer to the Use Risk Scoring and Labeling section.
Targets	Only show results for the selected Target Groups or Targets.
Target Types	Only show results for the selected Target types.
File Formats	Only show results for the selected file formats or content types.
Metadata	Only show match locations that contain specific metadata information. Available metadata filters include: Document - Owner, Created, Modified Email - Sender Email Address, Date Sent. Partial string matching is supported. Filesystem - Owner, Created, Modified Object - Created, Modified. Supported for Google Cloud Storage objects.
Access PRO	Only show match locations that are accessible by specific groups, users, or user classes. Use the following format to filter by domain groups or user: <domain>\<group or username>. Refer to the Manage Data Access section. This feature is only available when Data Access Management is enabled.
Classification PRO	Only show match locations with the selected Classification type (e.g. "Discovered", "Classified" etc), or MIP sensitivity label(s). Selecting the "Deleted labels" option will show match locations that were last classified with MIP labels that are no longer active or valid. Refer to the Integrate Data Classification (MIP) section.
Data Types	Only show match locations that contain the selected data types.
Operation Status	Only show match locations with the selected remediation, access control or classification status.
Advanced Filters	Only show match locations that fulfil the conditions defined in the selected advanced filters. Refer to the Use Advanced Filters section.

To apply filter criteria, refer to the View Investigate Page section.

Match Inspector Components

The Match Inspector window allows you to review the list of matches for a specific match location and evaluate the remediation options.

The following table outlines all components found in the Match Inspector window:

Components in the Match Inspector window.

Component	Description
Match Inspector window header	Displays the name of the path of the selected match location.
Label	Tags that summarize additional information related to the match location, such as the current operation status, current delegated remediation status, associated risk profiles, and applied MIP classification.
Match Inspector tabs	Displays important information that are categorized into four tabs: Details tab, [match count] tab, Risk Profiles tab, and Access tab. See Match Inspector Tabs for more information.

Match Inspector Tabs

Tab	Description
Details	Displays the following information for the selected match location: File type/platform type details shows information such as the metadata, file type, full path link of the match location, etc. Clicking the full path link will scroll and highlight the specific file or location under the "Location" column. The fields shown in this tab depend on the file type and/or platform type of the selected match location. Target Details section shows the Target name and Target group. Classification section shows information on the data classification and MIP label (if applicable).
[Match count]	Indicates the total number of matches (for "prohibited" and "match" severity levels) and displays different information about the matches. Match breakdown panel shows the overall match count and the match count by data type category. Clicking the icon next to the data type category will view the list of match samples. The maximum number of match samples that can be displayed is 1000. Match preview shows the match count breakdown per data type (in descending order, from the data type with the highest to the lowest count), the match samples, and the contextual data surrounding the match. The icon shows match sample encoding format options: Plain text (ASCII), EBCDIC (used in IBM mainframes), Hexadecimal. The icon hides the match breakdown panel to make more space for the match preview. The icon displays the match breakdown panel again.
Risk Profiles PRO	Displays risk profile information mapped to the selected match location (if any), such as the priority, the risk profile label, and the risk level.
Access PRO	Displays access permissions and ownership information for the selected match location.

To review the details in the Match Inspector window, refer to the View Investigate Page section.

PRO This feature is only available in Enterprise Recon Cloud PRO Edition. To find out more about upgrading your ER Cloud license, please contact Ground Labs Licensing. See Subscription License for more information.