/
Workflows

Workflows

Workflows automate one or more tasks within GEODI. They serve a variety of purposes, such as:

🔐 Data Remediation → Automatically delete, quarantine, or classify sensitive content identified during discovery

🚨 Alerts → Trigger notifications when risky or sensitive data is detected (e.g., a CV uploaded to a shared folder)

⚙️ Automation → After discovering, generate a report and send a notification automatically.

GEODI’s workflows can achieve much more, from compliance enforcement to advanced data lifecycle automation.

You can manage workflows from the top-right menu in the GEODI ES interface. Only users in the SystemAdmin group have the right to manager Workflows.:

 

A workflow in GEODI typically consists of 2 or 3 components:

Query

Actions

Events/Trigger Condition

Query

Actions

Events/Trigger Condition

Defines what content the workflow will act on.
This could be a predefined query (e.g., predefined:PII) or a specific data source.

 

Specifies what should happen to the content, such as:

  • Delete, quarantine, mask, or classify

  • Send an email, generate a report, etc.

 

You may define an event-based trigger like:

  • “When discovery finishes”

  • “When new risky data is found”
    However, all actions can be executed manually, regardless of conditions.

 

 

image-20251225-064122.png

Query

The query defines which content the workflow will be executed on.

Some content in the query may not be processed, due to some reason:

  1. An action like masking or classification may not support the content.

  2. Content may be read-only.

  3. The source may not support remediation.

  4. The Enable remediation flag may be unchecked in the Project Wizard.

  5. The content may be corrupt.

  6. There could be an issue in the system (network, disk, or endpoint access). (may be processed in the next run)

 

For scheduled workflows, to prevent reprocessing the same content repeatedly, each workflow processes a given piece of content only once. Running the same workflow again will not, for example, reclassify content that was already processed. A re-run only includes new or modified content.

In contrast, Run Now processes all content every time it is executed.

 

Versions are not processed by workflows. The only action that applies to versions is the forget action.

 

Delete Action

Copy Action

Mask/Anonymize Action

Classify Action

Encrypt Action

Forget Action

Send E-Mail/Notification Action

Events

Workflow Monitoring

Data Source Write Permissions for Remediation

 

 

Examples

The following examples cover a few scenarios you can create with actions. You can design many more.

Quarantine and Send Email

Copy + Delete + Send Email

The email recipients can be a specific group.

You will determine which data to include through a query.

Create Masked Copy

Mask (This will create masked copies in the provided file) + Send Email

Classify as You Discover

Classify + Event (Classify during discovery and at the end of discovery)

Generate Report at the End of Scan and Send Email

Email (with attached report) + Event (During discovery and at the end of discovery)

Automatically Mask Risky Data

Query + Mask + Send Email

Create Alert

Query + Event (During discovery and at the end of discovery) + Send Email