How to create a Search Task
How to create an Ascema Search Tasklink
Search tasks are where you begin the process of managing your sensitive data with the Ascema system. A search task lets you define the sensitive data that you are concerned about and where to look for it on endpoint devices. In order to be able to create a Search Task you must have a user account and be logged in to the Ascema Endpoint manager. See How to manage Ascema user accounts.
Creating a new Search Tasklink
Creating a search task will usually be one of the first things you do after installing the Ascema system. From the menu under the Tasks heading select the Create New option
This will display the Create New Task screen. On this screen you can choose which type of new task to create, to create a new Search task select the Create new Search Task option
Search Task namelink
This guide will walk you through creating a typical Search Task.
- Select Create new Search Task
- The first stage of the create Search Task wizard will be displayed
Across the top of the wizard is a progress monitor indicating where you are in the process of creating the new Search Task. In this case the the start of the process where you will give the search item a unique name which you can use to manage it in the future.
- Give your Search Task a unique and meaningful name to help you manage it - this name will also appear on end user reports so a clear and informative name will be best
- The task priority will be passed to the agent as an indicator of how urgent the task is and how much system resource it should request. Leave it at the default value for this example
When this stage of the wizard is complete select the Next button
The completed first part of the wizard now looks like this
- The Automated Alerts checkbox will set the default for whether searches for this task should alert Agents.
- Having selected Next proceed to the next stage of the wizard
Search Task patternslink
- You can define your search for National Insurance Numbers with a simple pattern
- Click the Select Pattern button
- The simple patterns have been organised into categories according to the countries where they originate
- National Insurance Number originates in the United Kingdom so select that row of the table
- You choose the pattern you want by selecting the + symbol to add it to your search
- Click the Select Pattern button again to close the pattern selections
- You will now see your selection confirmed
- The menu option for confidence would allow you to report on items where Ascema is less confident that they match the pattern you are looking for
- The option for minimum matches would allow you to set a number of matches in a single file below which the search will treat the file as not matching
- Leave the default values as they are for this exercise
- With the search pattern selected you are ready to proceed to the filters selection stage of the wizard
- Select Next to proceed to the last part of the wizard
Additional search patterns may be added to a search. An item which is found to match any of the patterns will be reported and optionally alerted to the user.
Setting Search filterslink
The filter stage of the wizard is where you can define a series of filters to define where Ascema will search for the senstitive data
By file type: from the list of file types seen here or from additional file types you define for yourself
- By folder type: whether to include hidden or system folders in the search
By file created or modified date: to include only files which have been created or modified within defined date ranges
To select a file type simply click the slider button next to the description.
- To un-select a file type click the slider button again so that it returns to the unselected position
- The Select all option will cause the search to look through all files of all types, searches with this option will take longer to complete
- To look for data in regular documents you can select a set of file types as shown here
- Next you will review the options for filtering by directory
- Select the Folder type radio button
- As you can see the Ascema system will not by default search in hidden or system folders where users would not normally store documents
- Leave these defaults as they are
- Next you will review the options for filtering by date range
- As you can see by default Ascema will search for all files regardless of creation or modified date
- Leave these defaults as they are
The dates on this filter are inclusive - so for example if you set a Modified After date of 2015-01-01 then a file which had been modified on that date would be included in the search and any sensitive data in it would be alerted.
Saving the Search Tasklink
- The wizard is now complete
- You may use the Back and Next buttons to review the entries you have made for this Search Task
- When you have reviewed the entries select Finish
- The Search Task will be created and you will be returned to the Search Tasks screen
- The new Search Task will be indicated with a clear Never Run indicator to highlight that it has not yet been run
- For guidance on how to Run search tasks see How to run an Ascema Search Instance