How to run an Ascema Search Instance
How to run an Ascema Search Instancelink
In the Ascema system when you actually run a search for sensitive data against a number of endpoint devices you create and manage this through a Search Instance.
In order to create a Search Instance you must have a user account and be logged in to the Ascema Endpoint manager; see How to manage Ascema user accounts.
Each Search Instance will be derived from a Search Task that defines what the search will look for and where it will look on the Endpoint Devices; see How to create an Ascema Search Task.
Creating a Search Instancelink
For this example you will start with the Search Instance previously created in How to create an Ascema Search Task.
- From the menu under the Tasks heading choose the View Tasks option
- The Search Tasks and Real-time Protection Tasks will be displayed
- The Search task created in the previous walkthrough will be displayed with a Never Run annotation as it is a new task
- Select the Run button
- The Run Search dialog will be displayed
- The Run Dialog will be populated from the defaults defined during the creation of the Search Task
- The Instance Name will be generated from the Search Task name to create a unique identifier for each Search Instance
- Accept the defaults for the Search Instance by selecting the Run Task button
- You will see an overview of the instance created
Search instance details reportlink
- The instance overview can be viewed at any time from the Search Tasks screen by selecting the open icon on the Search Tasks - the small arrow icon which has been highlighted
- To see further details on the Search Instance select the View Details
- The details screen will show further details on the Search Instance
- This screen will be updated as the search proceeds
- In addition to the overall Search Instance details this screen will show the search progress on each endpoint device.
- The highlighted filter field will allow you to view progress on specific devices
- You can filter on any of the device details; User Name, Hostname, IP address, User Email or Location
- From the search Instance Details you can select the View reports button for any device
The report view is the same as if you were the Device owner viewing their personal Device report
See How to review your Ascema report for how to navigate and use this report
From this view of the Endpoint Device report you are able to see the same information as the Endpoint user; however you will not see the link item to directly open the file alerted when viewing the report through the Endpoint Manager user interface.
From here you may also take the same actions to mark an item resolved as the Endpoint user; see How to record your data resolution with Ascema