Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 33 Next »

GDE is a solution that allows indexing of data on endpoints and/or fileservers without defining a share. It runs on Windows, Linux, macOS, and Pardus environments.

The GDE agent indexes/discovers many PCs or FileServers w/o defining a share. The GDE agent runs on Windows, Linux, or MacOS.

GEODI may discover FileServers if there is a share. Then, GDE is not required.

GDE crawls the EndPoint or FileServer and sends selected files to a GEODI Server. This way, you can discover and search local files w/o sharing any folder. GDE continuously crawls every 3 hours to find changed files.

With the GEODI Classifier, it is possible to classify the local files remotely.

After discovery, it is possible to remediate the local files remotely.

Installation and Configuration

A configuration file on the GEODI server determines which local folders and file types to include. This configuration may be customized by client IP, ClientUser, or ClientMachine name. So, you may target a different area for each FileServer or client.

The Agents can be manually installed on FileServers or EndPoints. But if you have many EndPoints, using a tool like ManageEngine or SCCM for deployment is suggested.

GDE agent software updates are auto. It may be set to update from a local source.

GEODI Server has a monitor panel to watch EndPoints. GEODI Agent Management Panel

Installation Checklist

Subject

Description

Create a new project or choose an existing project to index files.

A separate project is OK for discovery purposes, but adding PCs to an existing project is better if you have Enterprise Search.

This project URL must be accessible from the EndPoints.

The GDE recognizer(from discovery IT group), must be used in the project.

Create a token

Follow the procedure on this page to get the Token.

Generating a GEODI Token

As a best practice, we suggest you create a separate user for the Token. And token users' passwords should not be changed.

Follow the procedures for different OSs

These pages will lead you to each OS.

GDE Configuration Settings

The settings determine which local folders and file types to discover. There may be a single setting for all, or you may customize it by clients.

Client Monitoring

Activate GEODI Agent Management Panel

Troubleshooting

 Indexing does not start
  1. Check if the client has access to the GEODI Server. GEODI should be accessible through a browser on the client. Enter the GEODI address in a browser on the client; there should be access.

  2. The GEODI server should be accessible from the client's GDE. Using a browser on the client, enter <ClientIP>:<1982>/DEW?op=GetLastError. If everything is fine, it should return null. The ExplorerPort specified in GDE rules, e.g., ExplorerPort=1982 (or the chosen port), should be open.

  3. Inspect the Firewall, Antivirus, or any similar tool to ensure there is no blocking mechanism preventing communication.

  4. Check if the client machine is operational. GDE should be installed and running (Geodi.Desktopexplorer.exe should be in the task list).

  5. Verify the status of the received TOKEN: <GEODI_URL>/API/token_parser.html.

  6. Examine the Agent Management Panel; if the endpoint's status looks good, waiting for a while may resolve the issue. The GEODI Server queues incoming data, so the files at the endpoint might not be due yet.

  7. If everything seems correct but data is still not coming through, check the FolderList and IgnoreFolders values in the GDE rules.

  8. If you are not receiving the expected file type, ensure that the extension is not listed in the IgnoreFiles value in the GDE rules.

 Settings are not effective,
  1. The Setting file may not be a valid JSON. Validate it with an online tool.

  2. Settings will generally be adjusted in an hour. If the IP of the endpoint has changed, this may take up to 3 hours.

 Some files are not indexed

The default settings block some large files, like videos. Files larger than 100 MB or compressed files larger than 500MB are blocked. You may change the settings. The settings will be effective in about an hour.

 The endPoint has been formatted

Install the GDE as usual. The endpoint will be treated as new. The old data is preserved.

 1982 port is not avaliable
  1. You can change 1982 to anything available. Please be careful about not assigning ports that have already been used.

  2. You may set the GDE port to 0, but GEODI can not open the remote files in this case. The search and discovery are unaffected.

FAQ

 How can query files from a specific endpont?

It is no different than the other. Add layer:GDE <machinename> into query.

  1. layer:GDE <machinename> will query the files.

  2. layer:GDE <machinename> doc:*.pdf will list the PDF files.

  3. layer:GDE <machinename> doc:*.pdf contract will list the PDF files with the word contract.

 Is it possible to Classify remote files?

The GEODI legacy data classification tool classifies remote files if you have the classification agent installed on the same endpoint.

 Is it possible to remediate remote files?

Yes, GEODI remediation tools cover remote files as well. The only requirement is that the user should have delete/update permission on the remote machines. This way, GEODI deletes, makes, or encrypts remote files like the local ones.

 What happens if the endpoint machine is closed?

Search is unaffected, but you can not open/view or remediate the files.

 Does GDE copy local files?

No, GDE does not copy the local files. But if you need to backup local files, check the “backup content" in the GEODI source dialog. You may activate or deactivate this setting at any time.

 Who is going to see the files from endpoints?
  1. Sistem Admins see all files.

  2. Other users' permissions depend on Enable LDAP settings. If LDAP is enabled, then local permissions are used.

  3. It is possible to set each user to see their PC files. Please ask the DECE team how to do that.

 What happens if the endPoint is formatted?
  1. Install the GDE as usual. The endpoint will be treated as new. The old data is preserved.


GDE configuration settings

Settings should be GEODI server <GEODI_APP>/Settings/Geodi.DesktopExplorer folder named default.json. Installed GDEs will automatically retrieve this setting in about an hour.

  • Any changes will be effective in about an hour. You may change the settings while GEODI is running.

  • To define different rules for each machine, you may use additional files named

    • <ClientIP>.json

    • <ClientUserName>.json

    • <ClientMachineName>.json.

{
  "FolderList": ["%UserProfile%"],// "*" scan all directory //
  "ExplorerPort": 1982,
  "IgnoreFiles":["*.MP4","*.MOV","*.MP3"],
  "MetaData": {
	"LDAPDN":"=d.CurrentUser!=null?d.CurrentUser.DistinguishedName:null",
	"IP":"=d.ClientIP",
	"ComputerName":"=d.ClientMachineName",
	"UserName":"=d.ClientUserName"
	}
}

Setting Name

Type

Description

FolderList

string[]*

Used to specify the folders to be scanned. Folders can be identified by separating them with ",".Windows, MacOS, and Linux client folders can be used interchangeably.

The default directory is %UserProfile% ,\\Users, \\Home(includes documents, downloads, desktops, etc.).

Values are case-sensitive. Subdirectories can also be defined as %UserProfile%\\Desktop.

You can use ["*"] to scan all disks.

ExplorerPort

int

The default is 1982.

Alternatively, you may set the port value to 0. Discovery and search will be fine, but GEODI can not open the local files in this case.

EnableLDAP

bool

If a true value is given, LDAP authorizations of the files are also indexed.

Default value: false

IgnoreFolders

string[]

List of folders to ignore. * is accepted. Used in combination with the settings under Geodi Settings/IgnoreFolders.

Example: ["*:\\data","C:\User*"]

Default value: null

(info) GEODI central file/folder ignore rules always take precedence. The restrictions specified within the settings are applied additionally.

(info) By default, to safeguard the network resource, only the name and date of files larger than 100MB are indexed. This limit is set to 500MB for compressed file contents. These values can be modified on the GEODI server.

IgnoreFiles

string[]

List of folders to ignore. * is accepted and used with the settings under Geodi Settings/IgnoreFileTypes.

Default value:["*.MP4","*.MOV","*.MP3"]

(info) GEODI central file/folder ignore rules always take precedence. The restrictions specified within the settings are applied additionally.

(info) By default, to safeguard the network resource, only the name and date of files larger than 100MB are indexed. This limit is set to 500MB for compressed file contents. These values can be modified on the GEODI server.

Metadata

You can define metadata for parsing files from clients. These metadata are specified in the settings file. The values used in the default settings can be seen in the example file.

Searching with metadata is done with <metaname>:<value> Example IP:192.168.1.1

The defined metadata and values will be visible in the GEODI search interface.

GDE API

You may use a browser to make these calls.

<ClientIP>:<1982>/DEW?op=GetStatus

Gets the status of GDE Agent

{"StatusText":"","RequestCount":0,"FileCount":0,"SendCount":0,"IgnoreCount":0,"Server":"<GEODI_URL>"}

(info) Default port = 1982, may be different

<ClientIP>:<1982>/DEW?op=GetLastError

Gets the GDE agent errors.

If no error, retuns null. Else

{"Server":"<GEODI_URL>", "LastErrorTime": {}, "LastError" : "", "TotalErrorCount": n}

Token Creation

  1. Log in with a user accessing the Source that GDEs will feed.

  2. Open the page: <GEODI_URL>>/API/GeodiTokenApi.html?loginWithGuest=1

  3. Select the Source's name using the AllowList.

  4. Now you are ready to create the Token.

  5. This page may be used to check if a token is valid: <GEODI_URL>/API/token_parser.html

  • No labels