Versions Compared

Version Old Version 10 New Version Current
Changes made by

Utkucan Saraç (Unlicensed)

serdar ak

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Server and user-side installations are required for This page is a guide for installing server and client-side tools of the GEODI Classifier.

Installation of a Manual/Automatic classification project takes about 1 -1.5hours. If GEODI is the first classification tool, you may to 2 hours. You can instantly start with ready classes . These classes are refined with many different user experiences. Porting an exiting classification environment(labels and rules) to GEODI is a quick process as well. At the end, you will be ready to distribute/install agents.

Info

You may anytime change the policies after installing the agents. Agents automatically update the policies. GEODI Classification Policy Manager allows you to override policies by groups, persons, client software, IP and more.

Note

We provide ready to use panels to watch agents and classification actions(logs).

Tip

After agents distribution users may start classification. GEODI 121 online course is enough for end users to learn classification for Desktop and Office classification.

The following is the basic roadmap for the installation.

Image Removed

...

if you have no previous classification tool. You can change or customize all rules for a specific group or condition. There is only one agent, and agent software and policy updates are automatic.

You can monitor agents using our agent panel. You may use the built-in log panel or a SIEM to monitor classification activities.

Training material for end-users is provided in https://decesw.atlassian.net/wiki/spaces/geodien/pages/3966664747/GEODI+121+-+Classification+tools+User+Training?atl_f=PAGETREE and GEODI Classifier Office and Other Plugins User Guide .

Table of Contents
maxLevel6
minLevel1
include
outlinefalse
indent
exclude
typelist
printablefalse
class

Frequently Asked Questions (FAQ)

Expand
titleCan we store classification logs in a database, syslog, CEF, or CSV format?
Info

The result format is selected from the GEODI classification settings interface.

GEODI Classifier Logs

Expand
titleCan we classify files discovered with GDE on remote PCs in-place?
Info

If you have a Classification license for documents coming to the GEODI server through GDE, you can query and classify documents through GEODI ES, performing the classification on the source machine. The machine where the classification will take place must have our Classifier and GDE solutions installed.

Expand
titleHow long does it take for Classifier setting changes to take effect on clients?
Info

It will be updated automatically and within approximately 10 minutes.

Expand
titleDoes the date of the classified documents change?
Info

No, GEODI classification tools preserve the file date.

Expand
titleCan we exclude data related to organization employees from discovery/classification rules?
Info

Yes, in the GEODI Classification Management Interface, you can exclude email sent by users within the same domain from classification

Expand
titleCan classification be performed in Linux, Mac, or SharePoint environments?
Info

The GEODI classification solution works on Windows computers. Data discovery can be performed on Linux, MacOS, or SharePoint.

Expand
titleCan I use two classification solutions simultaneously?
Info

Yes, GEODI can adapt to the labeling scheme of an existing classification tool. This way, you can continue to use both simultaneously without additional work on the DLP side.

Expand
titleCan Header/Footer and Watermark be multilingual?
Info

  • Yes. It will decide based on the machine language. You can define multiple languages simultaneously.

  • You can use values like usernames in these settings.

  • You can define multiple lines.

  • GEODI Classifier Label/Tag Definitions

Expand
titleCan databases be classified?
Info

There is no concept of writing labels to databases. However, GEODI classification tools can report the classification of a database record and enable you to take action based on this report.

Expand
titleCan GEODI Classifier understand documents classified with a different classification tool?
Info

Yes. As long as the labeling scheme is the same, it doesn't matter which tool was used for classification. The GEODI classification tool understands the class of a previously classified file and behaves according to policy settings.

...

Child pages
depth2

Installation Roadmap

...

Checklist

Follow the steps for Classifier installation

  •  GEODI Server must be installed
  •  Activate Classification Module
  •  Activate Default Classes and Policies
  •  Ignore mail signatures (by a dictionary or mail server settings)
  •  Generate Agent MSI Package
  •  Sample Agent installation to selected clients
  •  Activate agent monitor panel
  •  Activate log analysis panel
  •  Interim review
  •  Modify Class and Policies
  •  Closing
  •  Deploy Agents to all clients

Frequently Asked Questions

Expand
titleCan we disable automatic classification for a specific group?
Info

  • Yes, with the GEODI Classification Policy Manager, you can create variations based on groups, individuals, IP addresses, and software (Word, Excel, etc.). It can be set to automatic only for one user group, manual only for others, or disabled for a specific user group if needed.

  • Changes in rules will take effect on clients approximately 10 minutes after modification.

  • GEODI Classifier Label/Tag Definitions

Expand
titleCan I perform batch classification?
Info

  • Data indexed with GEODI can be selected and automatically or manually classified. This applies to data coming from folders and GDE data sourcesYes, query the target and choose “Batch Classification” from the GEODI facet area. Files from Folder, FileServer, and GDE(PCs) will be included. Labels will be written to the respective files or as alternate data streams (ADS).

  • GEODI Classifier Batch Classification

Expand
titleHow many clients can a GEODI server support simultaneouslyWhat does Semantic Classification mean?
Info

A server specified in the system requirements for automatic classification can support 3000+ usersIt is the classification of files discovered in GEODI based on query results.

GEODI discovers IBAN, Credit Card, money, document type, date, and the document type. The class secret rule may contain Money>1M TL. GEODI recognizes money in many different forms. This is an example of semantic classification. Similarly, the class classified may contain a rule “if a contract.” GEODI understands whether a document is a contract with AI.

Expand
titleDo agents strain the endpointDoes the date of the classified documents change?
Info

No, the GEODI Classification and GDE (Discovery) agents are designed to impose minimal load on the endpoint/client machinesGEODI classification tools preserve the file date.

Expand
titleIs GEODI Data Discovery necessary for classificationCan we classify files discovered with GDE on remote PCs in-place?
Info

NoSuppose you have a Classification license for documents coming to the GEODI server through GDE. In that case, you can use classification independently without data discovery. However, the identifiers and rules that come with GEODI Data Discovery will enhance the performance of automatic classificationquery and classify documents through GEODI ES, performing the classification on the source machine. The machine where the classification will occur must have our Classifier and GDE solutions installed.

Expand
titleWhat does Semantic Classification meanCan databases be classified?
Info

It is the classification of files discovered in GEODI based on query resultsThere is no concept of writing labels to databases. However, GEODI classification tools can report the classification of a database record and enable you to take action based on this report.

  • GEODI logs include the given class and potential automatic class. By using this information, situations like class upgrades or downgrades can be analyzed. Permission for class downgrade depends on policy settings.

    • GEODI Classifier Logs
    Expand
    titleCan we verify the accuracy of manual classification by analyzing the logs?
    Info
    internal e-mails in an organization(same domain) exluded from classifcation?
    Info

    Yes, in the GEODI Classification Management Interface, you can optionally exclude emails sent by users within the same domain from the classification.

    Expand
    titleCan Header/Footer and Watermark be multilingual?
    Info

    • Yes. You can define multiple languages.

    • The language is chosen by machine language.

    • You can use values like usernames in these settings.

    • You can define multiple lines.

    • GEODI Classifier Label/Tag Definitions

    Expand
    titleIs 'Allow Class Lowering' permitted?
    Info

    • Depending on policies, you can allow or prohibit class lowering for all or specific sets of users.

    • You can also use the rule that prohibits giving a class below automatic classification

    .
    Expand
    titleCan the removal or deactivation of agents and plugins be prevented?
    Info
    Yes, by default, Office plugins cannot be removed or deactivated by a Windows user

    • .

    Expand
    titleHow do I exclude email signatures?
    Info

    The dictionary operations used in personal data detection can be applied to email signatures.

    The method of adding email signatures when sending an email can be performed. E-mail signatures contain the sender's PII information. To ignore this, you must either change e-mail server settings or prepare a dictionary. GEODI Classifier - Class and Policy settings - geodi-en - Confluence (atlassian.net) page explains how to do it.

    The method used for Exchange servers, please provide https://learn.microsoft.com/en-us/exchange/security-and-compliance/mail-flow-rules/disclaimers-signatures-footers-or-headersthe link.

    Expand
    titleWhat is the format for classification log
    Info

    The result format can be a DB, syslog, CEF, or CSV.

    You may use a SIEM or Log Analysis Panel to monitor and analyze the logs.

    GEODI Classifier Log Analysis Panel and Classifier Project

    Expand
    titleHow will the

    ...

    agents

    ...

    deploy?
    Info

    • You can use ManageEngine, PDQ, SCCM, or a similar tool.

    ...

    • The GEODI Classification solution automatically generates the MSI and parameters required for agent deployment.

    ...

    • Agents check updates every two days.

    • If there are few machines, you can manually run the MSI.

    • Agents are monitored from a panel. Agent Management Panel

    GEODI Classifier Windows Client Installation

    ...

    The completion of client installation should be verified.

    ...

    Access to the GEODI server must be ensured.

    ...

    Expand
    title

    ...

    Can the uninstall or deactivation of agents be prevented?
    Info

    Yes, by default, Windows users cannot remove or deactivate Office plugins.

    Expand
    titleDo agents strain the endpoint?
    Info

    No, the GEODI Classification and GDE (Discovery) agents are designed to impose minimal load on the endpoint/client machines.

    Expand
    titleHow long does it take the policy changes take effect on the clients?
    Info

    Clients will be updated automatically and within approximately 10 minutes.

    Expand
    title

    ...

    Info

    The rules become active when clients connect to GEODI at least once.

    ...

    titleIn case of no access to the GEODI server

    ...

    Can Classification Add-ons work offline
    Info

    Yes, offline is possible for add-ons

    • The add-ons must at least once access to GEODI server to get the policies

    • Only Manual classification is possible. The automatic classification is not available.

    • Rules from the last connection are

    ...

    • used.

    • Logs are accumulated and transferred when a connection to the server is established

    ...

    • .

    Expand
    titleHow are files without label support classified?
    Info

    • Files without label support are classified using the ADS (Alternate Data Stream) method for files other than PDF and Office documents.

    Expand
    titleHow can see ADS labels?

    ADS(Alternate Data Stream) is an NTFS feature. To list it, use the “dir /r" command.

    ADS labels are a feature of the NTFS filesystem and may sometimes not be preserved.

    1. Labels are preserved

      1. Rename the file

      2. Change file extension txt → log - mp4 → avi

      3. Copy the file to another NTFS filesystem with or w/o the GEODI classifier installed.

    2. Labels are not preserved

      1. The file is copied through RDP, Wetransfer, or similar ways.

      2. The file is copied to non-NTFS filesystem

      3. The file is carried in a compressed file (Rar/zip=

      4. The file is attached to an e-mail

    Expand
    titleCan I use two classification solutions simultaneously?
    Info

    Yes, GEODI can adapt to the labeling scheme of an existing classification tool. This allows you to continue using both simultaneously without additional work on the DLP side.

    Expand
    titleCan classification be performed in Linux, Mac, or SharePoint environments?
    Info

    The GEODI classification solution works on Windows computers. Data discovery can be performed on Linux, MacOS, or SharePoint.

    Expand
    titleCan GEODI Classifier understand documents classified with a different classification tool?
    Info

    Yes. As long as the labeling scheme is the same, it doesn't matter which tool was used for the classification. The GEODI classification tool understands the class of a previously classified file and behaves according to policy settings.

    Expand
    titleIs GEODI Classifier compatible with MIP(Microsoft Information Protection) labels.
    Info

    Yes. GEODI Classifier is compatible with MIP and other schemas as well.

    Troubleshooting

    Expand
    titleIf office extensions or desktop classification is not active
    Info

    • The client installation should be verified.

    • Clients must access to GEODI at least once

    • The validity of the GEODI token should be checked.

    Expand
    titleAutomatic Classification is not active.
    Info

    There is no access to the GEODI server, or automatic classification may be disabled in the policy settings.

    Expand
    titleClassification is taking a long time.
    Info

    Automatic classification may sometimes take a long time due to network traffic, server load, and file sizes. If such situations persist, please consider the upload times of the files you are using in Word and ExcelGEODI reads the file content for auto-classification. Opening with Word or Excel may also take a long time.

    Expand
    titleEmail signatures are perceived recognized as personal data
    Info
    The phone numbers and personal names found in email signatures are recognized by GEODI, and therefore, classification is done as personal data. To overcome this, creating a user dictionary and setting classification rules to exclude this dictionary will resolve the issue with email signatures
    Expand
    titleClassification agents and Add-ins cannot see the GEODI server.
    Info

    • If GEODI is closed,

    • If the GEODI port is not open

    If add-ons at least once accessed the GEODI server and got the policies:

    • Only Manual classification is possible. The automatic classification is not available.

    • Rules from the last connection are used.

    • Logs are accumulated and transferred when a connection to the server is established.

    Expand
    titleHow to send a large number of emails simultaneously, like Mail Merge?
    Info

    Under normal circumstances, a classification pop-up opens for each email. To prevent this in bulk emails, you just need to add the %AutoClass% expression to the email body or Word document for mail merge. The sent emails will be automatically classified without opening a pop-up.

    Alternatively, you can create a separate classification policy for Outlook/OWA.

    Expand
    titleClassification Agents are not updating automatically.
    Info

    The classification agents automatically check whether there is the server has an up-to-date version on the server every two days. Access to documents.decesoftware.com should be provided for this control and automatic update process. If access is available but automatic installation is not occurring, firewall settings should also be checked.

    Expand
    titleOutlook mails has label but no header or footer
    Info

    Check “Cash Mode” to true in users “Exchange Account Settings”.