Skip to content

How to use the ignore function to improve search accuracy

How to use the ignore function to improve Ascema search accuracylink

As part of its operation the Ascema system will sometimes find items which match on a pattern for sensitive data but which when viewed in context are not items that are sensitive and require management. The Ascema system enables users to mark such items as This is a false match. The Ascema Endpoint manager enables you to confirm these items as false matches - see How to manage user resolved data items.

Where the Ascema system is alerting on an item which is not sensitive data and which might appear in many places the Ignore Item facility can be used to teach the Ascema search to not alert and report on it.

In order to mark items to be ignored you must have a user account and be logged in to the Ascema Endpoint manager; see How to manage Ascema user accounts.

Locating a false match and using the ignore functionlink

When an Ascema search is run it may find some items which match the chosen pattern but which users identify as not being sensitive data. These items may be resolved by users as false matches. Reported false matches are the usual starting point for deciding that a particular pattern should be ignored by the Ascema system.

  • Within the Ascema Search Reports use the Filter by status to view all the User Resolved Items
  • A list of devices will be displayed on which there are one or more User Resolved Items
  • You can explore and see detail on the data items as described in How to use the Ascema Search Reports to review sensitive data management
  • Once you have identified a data item for which the resolution has been correctly identified as a false match you can right click on the item to reveal the administration menu
  • Place your mouse pointer over the Ignore this match menu option to see the ignore options available

  • There are three levels at which you can choose to ignore an alerted pattern

  • Just this file - instances of the pattern in this file on this device will be ignored

  • In files with this name on any device
  • Everywhere - in all searched files on all devices

  • Choose the scope at which this data should be ignored

  • The item will no longer be visible on the search report or on user's personal device reports
  • Further searches for will no longer alert on this precise value of data
  • The Search Report page will now show an additional control to Show ignored results on Filter by status
  • The Ascema system has now been trained to ignore this particular value when searching for patterns which match it

Info

In this example the only two instances of the value set to ignored were in the same file. This view of the ignored data should be used to check that the effect of ignoring the value was as expected.

Removing a value from the ignore listlink

  • The instruction to the Ascema system to ignore certain data values may on occasion need to be reviewed either in part or completely.
  • On the Search Reports page select the Fileter by status control for Show ignored results and unselect the controls for resolution status
  • Once you have identified a data item for which the resolution has been correctly identified as a false match you can right click on the item to reveal the administration menu
  • Place your mouse pointer over the Unignore this match menu option to see the unignore options available

  • There are three levels at which you can choose to unignore an alerted pattern

  • Just this file - instances of the pattern in this file on this device will no longer be ignored

  • In files with this name on any device
  • Everywhere - in all searched files on all devices

  • Choose the scope at which this data should be unignored

  • The item will immediately become visible on the search report or on user's personal device reports
  • Further searches for will once again alert on this value of data

Info

You can ignore a data value in a wide scope and then unignore it in a narrower scope - it will then only be alerted and require management in the places where you chose to unignore the data.