Cytomic Data Watch settings

Accessing the settings

Click the Settings menu at the top of the console. Select Cytomic Data Watch from the side menu.
Click the Add button. The Add settings page opens.

Required permissions

Permission	Access type
Configure Cytomic Data Watch	Create, edit, delete, copy, or assign Cytomic Data Watch settings profiles.
View Cytomic Data Watch settings	View Cytomic Data Watch settings profiles.
Permissions required to access the Cytomic Data Watch settings

Requirements for finding and monitoring Microsoft Office documents

To find computers on the network lacking some or all of the required IFilter components, click the Check now link from the settings page. The Computers area opens with a list filtered by the following criteria: Computers without Microsoft Filter Pack.

Personal data (inventory, searches, and monitoring)

Generate and keep an up-to-date inventory of personal data: Shows the PII files detected on the network in the dashboard widgets and in lists. See Cytomic Data Watch panels/widgets and Cytomic Data Watch lists for more information. For the PII files stored on a specific computer to appear in the console, the inventory process must have completed on that computer.
Monitor personal data on disk: Monitors the actions executed on the PII files stored on computers.
Monitor personal data in email: Monitors the actions executed on the personal data stored in email messages.

Allow data searches on computers: Searches for files by their name or content, provided they have been previously indexed. When you select this option, Cytomic Data Watch starts indexing the files stored on users’ computers. See File searches for more information.

Exclusions

You can exclude from searches those files stored on the computers on the network whose content you do not consider appropriate to take into account.

Extensions: Type the extensions of the files you want to exclude.
Files: Type the names of the files you want to exclude. You can use wildcard characters ? and *.
Folders: Type the names of the folders whose files you want to exclude. You can use system variables and wildcard characters ? and *.

Rule-based monitoring of files

You can define rules for Cytomic Data Watch to monitor files not classified as PII. The system can store up to ten rules, each of which must have a unique name.

Monitor files on disk

Monitor the actions taken on the files selected in section Monitoring rules.

Monitor files in email

Monitor the actions taken on the email attachments that meet the rules defined in section Monitoring rules.

Monitoring rules

Shows the list of default file extensions to which monitoring is applied. You can add or remove extensions from the list. This list is common to all created rules.

If you assign a “file extension” property to a rule, the rule monitors only those files whose extension matches the extension you specify. It does not monitor all files whose extension matches those in the default list.

To add a monitoring rule, click the + icon. This opens the Add monitoring rules window where you can configure the rule settings.

Fill in the name and description fields.
Enter the condition criteria.

Property	Operator	Value
File name	Is equal to / Is not equal to	Text field. You can use wildcard characters * and ?. The character string cannot start with a wildcard character.
File path	Is equal to / Is not equal to	Text field. You can use wildcard characters * and ?. If a file system path is entered, the default separator character is \. You must use the wildcard character * when defining a rule with the File path field. The character string cannot start with a wildcard character.
File content	Is equal to / Is not equal to	Text field. You can use wildcard characters * and ?. The character string cannot start with a wildcard character.
File extension	Is equal to / Is not equal to	Text field. You cannot use wildcard characters. File extensions must be entered without the dot character.
Fields for configuring conditions

New condition

Add more conditions to the rule. Logical operators AND/OR are applied.

Logical operators

To combine two or more conditions in the same rule, use the logical operators AND and OR. When you add a second or more conditions to a rule, a drop-down menu with the available logical operators is automatically displayed. These operators apply to the adjacent conditions.

Rule condition groupings

In a logical expression, parentheses are used to change the order in which the operators that relate rule conditions are evaluated.

As such, to group two or more conditions in a parenthesis, you must create a grouping by selecting the consecutive rules that will be part of the group and clicking Group conditions. A thin line appears connecting the monitoring rules that are part of the grouping.

The use of parentheses enables you to group operands at different levels in a logical expression.

Examples of monitoring rules

Property	Content	Search
File path	c:\path\*	Searches all files and folders located in C:\path\
File path	c:\path\ c:\path	Wrong format. No results are returned.
File extension	txt	Searches TXT files.
File extension	.txt	Wrong format. No results are returned.
File name	FileName	Returns all files whose name is “FileName".
File name	FileName*	Returns all files whose name starts with "FileName".
File name	?FileName *FileName	Wrong format. No results are returned.
Examples of monitoring rules

Advanced indexing options

To view the indexing status of your network, click the View your computers’ indexing status link. The Cytomic Data Watch status list opens.

Index the following content

This section enables you to define the type of content to be considered when generating inventories and performing searches.

Computers whose contents have already been indexed and receive a change of settings delete the index and restart the indexing process from the beginning.

You can choose between two different types of indexing operations depending on whether you just want to generate an inventory of PII files across the network or search files by content:

Index text only: Only text is indexed unless it is part of an entity recognized by Cytomic Data Watch. With this indexing option selected, searches by content are more limited. Therefore, this option is recommended if you just want to generate an inventory of PII files across the network.
Index all content: This option indexes both texts and alphanumeric characters. This is the recommended option if, in addition to generating an inventory of PII files across the network, you also want to perform accurate content searches.

Cytomic Data Watch searches for contents in files based on the option selected in the Index the following content section. If your computers have different indexing settings profiles assigned, search results might not be homogeneous.

Schedule indexing

This section enables you to set the days and times when you want the indexing process to start if required:

Always enabled: There is not a set schedule. The indexing process start when required.
Enable only during the following times: Select, in the calendar, the days and times when you want the indexing process to start.
Use the Clear and Select all buttons to clear or select all cells in the calendar (the latter is equivalent to selecting the Always enabled option).

Write to removable storage drives

This section enables you to restrict write to USB external storage media.

Allow write to removable drives only when the drive is encrypted: If this option is selected, the user can write only to USB external storage media previously encrypted with Cytomic Encryption or BitLocker.

The Device control settings defined in Workstations and servers take precedence over the settings defined in the Cytomic Data Watch section. So, if the Device control feature is enabled and does not allow USB drives to be read or written to, it is not possible to write to them, regardless of whether the drive is encrypted or not. See Device control (Windows computers) for more information.