/
Classification

Classification

GEODI Classifier is a set of tools that allows you to classify file, e-mail or DB content.

Classification may be:

Automatic

In automatic mode, GEODI determines the class based on content using rule-based and AI-based techniques. This greatly reduces the risk associated with human interaction.

For emails, the classes of attachments are also taken into account.

Manual

Users decide the class, which is naturally prone to errors. GEODI provides various tools to analyze and detect possible errors in manual classification.

In batch

GEODI workflows allow classifying files or database content as part of the remediation process. The scope includes Folders, S3, SharePoint, OneDrive, Google Workspace, Databases, Endpoints and more. Endpoints may run on Windows, macOS, or Linux.

Automatic

In automatic mode, GEODI determines the class based on content using rule-based and AI-based techniques. This greatly reduces the risk associated with human interaction.

For emails, the classes of attachments are also taken into account.

Manual

Users decide the class, which is naturally prone to errors. GEODI provides various tools to analyze and detect possible errors in manual classification.

In batch

GEODI workflows allow classifying files or database content as part of the remediation process. The scope includes Folders, S3, SharePoint, OneDrive, Google Workspace, Databases, Endpoints and more. Endpoints may run on Windows, macOS, or Linux.

Components

GEODI Classifier has many component which work in harmony.

GEODI Server

GEODI Server is the core of the classification process. It manages policies, distributes them, executes automatic classification actions, handles logs, and more.

 

Classifier Agent

The Agent runs on endpoints and integrates with Microsoft Office and File Explorer on Windows machines. Policy and agent software updates are performed automatically.

 

OWA add-on

OWA runs on Outlook Web App or Exchange mail servers and classifies outgoing emails.

 

Workflows

Workflows allow classifying files or database content on on-premises or cloud storages and databases. Endpoints require the GDE Agent to be installed.

 

DLP Issues

If GEODI Classifier is your first classification tool, you can start with the default classes and automatic rules in GEODI and have the system up and running within a few hours. If you already have a DLP, defining the default labels in the DLP will be sufficient. Classification policy updates are automatic, and you can limit which users are affected.

If you already use a DLP and a classification tool, GEODI Classifier easily adapts to your existing rules—there’s no need to change any settings on the DLP side. You simply provide a sample Word document for each class. Defining these classes and labels in GEODI Classifier is straightforward, and the system can be operational within hours.

Some DLPs may cause user complaints on endpoints due to content discovery rules running locally. With GEODI, you won’t need any of those—GEODI performs all discovery and classification tasks automatically without causing any stress on the endpoint.

 

User Adaptation

GEODI Classifier includes add-ons for Desktop and Microsoft Office applications such as Word, Excel, PowerPoint, and Outlook. A short public training video titled GEODI 121 is available on YouTube to help users get started quickly.

The user interface is, of course, different from other classification tools. We have designed it to be as simple as possible on the endpoint, with automatic classification playing a key role in that simplicity. GEODI performs automatically what most other tools require user interaction and complexity to achieve. Therefore, you can be confident that users will easily adapt to GEODI.

Agent Deployment and Monitoring

GEODI Classifier uses a single agent, and to simplify deployment, the batch installation file is generated automatically. You can use tools like SCCM or PDQ for mass deployment, or install it manually if you have only a few agents.

The Agent Monitoring Dashboard allows you to track agent health, version status, and overall performance in real time.

 

Installing GEODI Classifier

This page explains how to install GEODI Classifier for servers and end-users.

Follow the steps for Classifier installation

The GEODI Server must be installed
Activate Classification Module
Our default template is ready for all supported countries. To be effective, you must also install the corresponding country pack.
Activate Default Classes and Policies
Generate batch params for Agent MSI Package
Sample Agent installation to selected clients
Activate the agent monitor panel
Activate the log analysis panel
Interim review
Modify Class and Policies
Closing
Deploy Agents to all clients

 

Frequently Asked Questions

  • Yes, with the GEODI Classification Policy Manager, you can create variations based on groups, individuals, IP addresses, and software (Word, Excel, etc.). It can be set to automatic only for one user group, manual only for others, or disabled for a specific user group if needed.

  • Changes in rules will take effect on clients approximately 10 minutes after modification.

  • https://decesw.atlassian.net/wiki/spaces/geodien/pages/4200398958

  • Yes, you can perform bulk classification with Workflows. Many data sources support WF operations (Folder, Endpoint, S3, Google Drive …). You can classify the files in these sources either in place or by creating a copy.

    For more details, please refer to the Actions/Workflows pages.

It is the classification of files discovered in GEODI based on query results.

GEODI discovers IBAN, Credit Card, money, document type, date, and the document type. The class secret rule may contain Money>1M TL. GEODI recognizes money in many different forms. This is an example of semantic classification. Similarly, the class classified may contain a rule “if a contract.” GEODI understands whether a document is a contract with AI.

No, GEODI classification tools preserve the file date.

Suppose you have a Classification license for documents coming to the GEODI server through GDE. In that case, you can query and classify documents through GEODI ES, performing the classification on the source machine. The machine where the classification will occur must have our Classifier and GDE solutions installed.

GEODI classifies databases based on the content of each row and writes the classification label to a specific column. Databases can also be masked or anonymized in a similar way, ensuring data protection and compliance while maintaining usability.

Yes, in the GEODI Classification Management Interface, you can optionally exclude emails sent by users within the same domain from the classification.

  • Depending on policies, you can allow or prohibit class lowering for all or specific sets of users.

  • You can also use the rule that prohibits giving a class below automatic classification.

E-mail signatures contain the sender's PII information. To ignore this, you must either change e-mail server settings or prepare a dictionary. GEODI Classifier - Class and Policy settings - geodi-en - Confluence (atlassian.net) page explains how to do it.

The method used for Exchange servers, please provide Organization-wide message disclaimers, signatures, footers, or headers in Exchange Onlinethe link.

 

The result format can be a DB, syslog, CEF, or CSV.

You may use a SIEM or Log Analysis Panel to monitor and analyze the logs.

https://decesw.atlassian.net/wiki/spaces/geodien/pages/4032987140

  • You can use ManageEngine, PDQ, SCCM, or a similar tool. The GEODI Classification solution automatically generates the MSI and parameters required for agent deployment. Agents check updates every two days.

  • If there are few machines, you can manually run the MSI.

  • Agents are monitored from a panel. https://decesw.atlassian.net/wiki/spaces/geodien/pages/4184473601

https://decesw.atlassian.net/wiki/spaces/geodien/pages/4200890404

Yes, by default, Windows users cannot remove or deactivate Office plugins.

No, the GEODI Classification and GDE (Discovery) agents are designed to impose minimal load on the endpoint/client machines.

Clients will be updated automatically and within approximately 10 minutes.

Yes, offline is possible for add-ons

  • The add-ons must at least once access to GEODI server to get the policies

  • Only Manual classification is possible. The automatic classification is not available.

  • Rules from the last connection are used.

  • Logs are accumulated and transferred when a connection to the server is established.

  • Files without label support are classified using the ADS (Alternate Data Stream) method for files other than PDF and Office documents.

ADS(Alternate Data Stream) is an NTFS feature. To list it, use the “dir /r" command.

ADS labels are a feature of the NTFS filesystem and may sometimes not be preserved.

  1. Labels are preserved

    1. Rename the file

    2. Change file extension txt → log - mp4 → avi

    3. Copy the file to another NTFS filesystem with or w/o the GEODI classifier installed.

  2. Labels are not preserved

    1. The file is copied through RDP, Wetransfer, or similar ways.

    2. The file is copied to non-NTFS filesystem

    3. The file is carried in a compressed file (Rar/zip=

    4. The file is attached to an e-mail

Yes, GEODI can adapt to the labeling scheme of an existing classification tool. This allows you to continue using both simultaneously without additional work on the DLP side.

The GEODI classification solution works on Windows computers. Data discovery can be performed on Linux, MacOS, or SharePoint.

Yes. As long as the labeling scheme is the same, it doesn't matter which tool was used for the classification. The GEODI classification tool understands the class of a previously classified file and behaves according to policy settings.

Yes. GEODI Classifier is compatible with MIP and other schemas as well.

GEODI keeps the metadata needed for classification in %appdata%\Dece\App\Classifier and uses a cache to speed up the process. To make sure your changes take effect and match the classification rules, just clear the cache.

Troubleshooting

  • The client installation should be verified.

  • Clients must access to GEODI at least once

  • The validity of the GEODI token should be checked.

There is no access to the GEODI server, or automatic classification may be disabled in the policy settings.

Automatic classification may take a long time due to network traffic, server load, and file sizes. GEODI reads the file content for auto-classification. Opening with Word or Excel may also take a long time.

  • If GEODI is closed,

  • If the GEODI port is not open

If add-ons at least once accessed the GEODI server and got the policies:

  • Only Manual classification is possible. The automatic classification is not available.

  • Rules from the last connection are used.

  • Logs are accumulated and transferred when a connection to the server is established.

Under normal circumstances, a classification pop-up opens for each email. To prevent this in bulk emails, you need to add the %AutoClass% expression to the email body or Word document for mail merge. The sent emails will be automatically classified without opening a pop-up.

Alternatively, you can create a separate classification policy for Outlook/OWA.

The classification agents automatically check whether the server has an up-to-date version every two days. Access to documents.decesoftware.com should be provided for this control and automatic update process. If access is available but automatic installation is not occurring, firewall settings should also be checked.

Check “Cash Mode” to true in users “Exchange Account Settings”.