Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 5 Current »

After a discovery is completed, you need to inspect the results. GEODI provides many ways of inspection: reports, panels, and predefined queries. Here, we will give details about the predefined queries.

Let’s assume that we have carried out a discovery for PCI/DSS and inspection the results. The following query will tell you which content and source has findings related to PCI/DSS.

predefined:PCI

This query covers all credit card, CVV, PIN, or Password findings. GEODI will list all content, and the facet will show you details about data sources and the number of findings.

This will give you an essential initial insight into conforming and non-conforming sources. The rest is yours to take precautions, like delete or quarantine actions. You may repeat the process until you see 0 findings on risky sources.

Queries affect reports and panels, so you can use predefined:PCI along with ContentFinding, ContentFindng(DB), and ContentFinding(Sources) reports. This report will have more detailed information if you need it.

The following predefined query queries PII data. PII data has some rules in GDPR and in other regulations. This query covers all the rules. The details mentioned for predefined PCII are also valid for this one.

predefined:PII

You may wonder how GEODI handles country-specific situations, how it knows which ID is used, etc. Don’t worry; we have taken all this into account while developing the recognizers. Predefined:PII query works for all countries as expected.

For deletion, quarantine, or masking, you need to address legacy data older than 5 years. While this is possible with GEODI, it is easier to do it with predefined queries.

The following query will address legacy data older than five years, taking only content dates into account.

predefined:O5Y

You can query data older than 5 years with this query

predefined:O10Y

You can query data older than 10 years with this query

Inspection requires permission. GEODI has a few ways to inspect permissions.

user:<user|group>

This query lists the content a user or group can see.

System admins can also check who can see a document by clicking on it.

Other Predefined queries

query

purpose

predefined:Money

Content wşth money. Discovery recognizes many money types, $, Euro, Pound or KSA riyal. This query query all.

predefined:CreditCard

GEODI Discovery covers more than 10 CC plus Test Cards.

predefined:DB

DB content returns. DB includes SQL Server, Oracle and also sqlite, mdb types. File-based DB’s may be found in file servers or in a mail attachment.

predefined:Videos

Video content.

predefined:Images

Image content.

predefined:Web

Web content, including mails.

predefined:Maskcontent

Content that can be masked.

predefined:Local

Content that is local, not from web, not from GDE etc.

predefined:GDE

Content fed by GDE.

Predefined:PII

PII findings. This query adapt itself to local rules, and IDs etc.

**

  • No labels