Arctera Insight Information Governance Administrator's Guide

Last Published:
Product(s): Data Insight (7.2)
Platform: Windows
  1. Section I. Getting started
    1. Introduction to Arctera Insight Information Governance administration
      1. About Arctera Insight Information Governance administration
        1.  
          Operation icons on the Management Console
        2.  
          Information Governance administration tasks
    2. Configuring Information Governance global settings
      1.  
        About Information Governance licensing
      2.  
        SQLite WAL mode
      3.  
        Configuring SMTP server settings
      4. About scanning and event monitoring
        1. Configuring scanning and event monitoring
          1.  
            Considerations for running a parallel scan
      5.  
        Monitoring Indexer Node Storage Utilization
      6. About filtering certain accounts, IP addresses, and paths
        1.  
          About exclude rules for access events
        2.  
          About exclude rules for Scanner
        3. Adding exclude rules to Information Governance
          1.  
            Add/Edit Exclude rule for access events options
          2.  
            Add/Edit Exclude rule for Scanner options
      7. About archiving data
        1.  
          About purging data
        2.  
          Configuring data retention settings
        3.  
          Parameterized Purging of access data using Data Retention
        4.  
          Purging indexes by date/whitespace for deleted files
      8. About Information Governance integration with Data Loss Prevention (DLP)
        1.  
          About configuring Information Governance to integrate with Data Loss Prevention (DLP)
        2.  
          Configuring Data Loss Prevention settings
        3.  
          Importing SSL certificate from the DLP Enforce Server to Information Governance Management Server
        4.  
          About Data Loss Prevention (DLP) integration with Information Governance
      9.  
        Importing sensitive files information through CSV
      10. Configuring advanced analytics
        1.  
          Choosing custom attributes for advanced analytics
      11. About open shares
        1.  
          Configuring an open share policy
      12. About user risk score
        1.  
          User risk weight configuration
      13.  
        Configuring file groups
      14.  
        Configuring Workspace data owner policy
      15.  
        Configuring Management Console settings
      16. About bulk assignment of custodians
        1.  
          Assigning custodians in bulk using a CSV file
        2.  
          Assigning custodians based on data ownership
      17.  
        Configuring Watchlist settings
      18. Configuring Metadata Framework
        1.  
          Using the metadata framework for classification and remediation
      19.  
        Proof of concept
  2. Section II. Configuring Information Governance
    1. Configuring Information Governance product users
      1.  
        About Information Governance users and roles
      2.  
        Reviewing current users and privileges
      3. Adding a user
        1.  
          Add or edit Information Governance user options
      4.  
        Editing users
      5.  
        Deleting users
      6.  
        Configuring authorization for Data Loss Prevention users
      7.  
        Configuring single sign-on (SSO) using security assertion markup language (SAML)
      8.  
        Disabling single sign-on (SSO)
    2. Configuring Information Governance product servers
      1.  
        About Information Governance product servers
      2.  
        Adding a new Information Governance server
      3.  
        Managing Information Governance product servers
      4.  
        Viewing Information Governance server details
      5. About node templates
        1.  
          Managing node templates
        2.  
          Adding or editing node templates
      6.  
        Adding Portal role to a Information Governance server
      7.  
        Adding Classification Server role to a Information Governance server
      8.  
        Assigning Classification Server to a Collector
      9.  
        Associating a Classification Server pool to a Collector
      10.  
        Viewing in-progress scans
      11.  
        Configuring Information Governance services
      12.  
        Configuring advanced settings
      13.  
        Monitoring Information Governance jobs
      14.  
        Rotating the encryption keys
      15.  
        Viewing Information Governance server statistics
      16. About automated alerts for patches and upgrades
        1.  
          Viewing and installing recommended upgrades and patches
      17.  
        Deploying upgrades and patches remotely
      18.  
        Using the Upload Manager utility
      19.  
        About migrating storage devices across Indexers
      20.  
        Viewing the status of a remote installation
    3. Configuring saved credentials
      1. About saved credentials
        1.  
          Managing saved credentials
      2.  
        Handling changes in account password
      3.  
        Information Governance Hash Utility
    4. Configuring directory service domains
      1.  
        About directory domain scans
      2. Adding a directory service domain to Information Governance
        1.  
          Add/Edit Active Directory options
        2.  
          Add/Edit LDAP domain options
        3.  
          Add/Edit NIS domain options
        4.  
          Add/Edit NIS+ domain options
        5. Add/Edit Azure active directory service
          1.  
            Prerequisites for configuring Azure AD
          2.  
            Registering Information Governance with Microsoft to scan Azure AD
          3.  
            Configuring application without user impersonation for Microsoft 365
          4.  
            Creating an application in the Microsoft Azure portal
      3.  
        Managing directory service domains
      4.  
        Fetching users and groups data from NIS+ scanner
      5.  
        Configuring attributes for advanced analytics
      6.  
        Deleting directory service domains
      7.  
        Scheduling scans
      8.  
        Configuring business unit mappings
      9.  
        Importing additional attributes for users and user groups
    5. Configuring containers
      1.  
        About containers
      2. Adding containers
        1.  
          Add new container/Edit container options
      3.  
        Managing containers
    6. Server Pools
      1.  
        About Server Pools
      2.  
        Adding Server Pools
      3.  
        Managing Server Pools
  3. Section III. Configuring native file systems in Information Governance
    1. Configuring clustered NetApp file server monitoring
      1.  
        About configuring a clustered NetApp file server
      2.  
        About configuring FPolicy in Cluster-Mode
      3.  
        Pre-requisites for configuring clustered NetApp file servers
      4.  
        Credentials required for configuring a clustered NetApp file server
      5.  
        Preparing a non-administrator local user on the clustered NetApp filer
      6.  
        Preparing a non-administrator domain user on a NetApp cluster for Information Governance
      7.  
        Persistent Store
      8.  
        Preparing Information Governance for FPolicy in NetApp Cluster-Mode
      9.  
        Preparing the ONTAP cluster for FPolicy
      10. About configuring secure communication between Information Governance and cluster-mode NetApp devices
        1.  
          Generating SSL certificates for NetApp cluster-mode authentication
        2.  
          Preparing the NetApp cluster for SSL authentication
      11.  
        Enabling export of NFS shares on a NetApp Cluster-Mode file server
      12.  
        Enabling SSL support for Cluster Mode NetApp auditing
    2. Configuring EMC Celerra or VNX monitoring
      1. About configuring EMC Celerra or VNX filers
        1.  
          About EMC Common Event Enabler (CEE)
        2.  
          Preparing the EMC filer for CEPA
        3.  
          Preparing Information Governance to receive event notification
      2.  
        Credentials required for configuring EMC Celerra filers
    3. Configuring EMC Isilon monitoring
      1.  
        About configuring EMC Isilon filers
      2.  
        Prerequisites for configuration of Isilon or Unity VSA file server monitoring
      3.  
        Credentials required for configuring an EMC Isilon cluster
      4.  
        Configuring audit settings on EMC Isilon cluster using OneFS GUI console
      5.  
        Configuring audit settings on EMC Isilon cluster using the OneFS CLI
      6.  
        Configuring Isilon audit settings for performance improvement
      7.  
        Preparing Arctera Insight Information Governance to receive event notifications from an EMC Isilon or Unity VSA cluster
      8.  
        Creating a non-administrator user for an EMC Isilon cluster
      9.  
        Utilizing access zone's SmartConnect Zone/Alias mappings
      10.  
        Purging the audit logs in an Isilon filer
    4. Configuring EMC Unity VSA file servers
      1.  
        About configuring Dell EMC Unity storage platform
      2.  
        Credentials required for configuring an EMC Unity VSA file server
      3.  
        Configuring audit settings on EMC Unity cluster using Unisphere VSA Unity console
    5. Configuring Hitachi NAS file server monitoring
      1.  
        About configuring Hitachi NAS
      2.  
        Credentials required for configuring a Hitachi NAS EVS
      3.  
        Creating a domain user on a Hitachi NAS file server for Information Governance
      4.  
        Preparing a Hitachi NAS file server for file system auditing
      5.  
        Advanced configuration parameters for Hitachi NAS
    6. Configuring Windows File Server monitoring
      1.  
        About configuring Windows file server monitoring
      2.  
        Credentials required for configuring Windows File Servers
      3.  
        Using the installcli.exe utility to configure multiple Windows file servers
      4.  
        Upgrading the Windows File Server agent
    7. Configuring Arctera File System (VxFS) file server monitoring
      1.  
        About configuring Arctera File System (AxFS) file servers
      2.  
        Credentials required for configuring Arctera File System (AxFS) servers
      3.  
        Enabling export of UNIX/Linux NFS shares on AxFS filers
    8. Configuring monitoring of a generic device
      1.  
        About configuring a generic device
      2.  
        Credentials required for scanning a generic device
    9. Managing file servers
      1.  
        About configuring filers
      2.  
        Viewing configured filers
      3. Adding filers
        1.  
          Add/Edit NetApp cluster file server options
        2.  
          Add/Edit EMC Celerra filer options
        3.  
          Add/Edit EMC Isilon file server options
        4.  
          Add/Edit EMC Unity VSA file server options
        5.  
          Add/Edit Windows File Server options
        6.  
          Add/Edit Arctera File System server options
        7.  
          Add/Edit a generic storage device options
        8.  
          Add/Edit Hitachi NAS file server options
      4.  
        Custom schedule options
      5.  
        Editing filer configuration
      6.  
        Deleting filers
      7.  
        Viewing performance statistics for file servers
      8.  
        About disabled shares
      9. Adding shares
        1.  
          Add New Share/Edit Share options
      10.  
        Managing shares
      11.  
        Editing share configuration
      12.  
        Deleting shares
      13.  
        About configuring a DFS target
      14.  
        Adding a configuration attribute for devices
      15.  
        Configuring a DFS target
      16.  
        About the DFS utility
      17.  
        Running the DFS utility
      18.  
        Importing DFS mapping
    10. Renaming storage devices
      1.  
        About renaming a storage device
      2.  
        Viewing the device rename status
      3.  
        Considerations for renaming a storage device
  4. Section IV. Configuring SharePoint data sources
    1. Configuring monitoring of SharePoint web applications
      1.  
        About SharePoint server monitoring
      2.  
        Credentials required for configuring SharePoint servers
      3.  
        Configuring a web application policy
      4. About the Information Governance web service for SharePoint
        1.  
          Installing the Information Governance web service for SharePoint
      5.  
        Viewing configured SharePoint data sources
      6. Adding web applications
        1.  
          Add/Edit web application options
      7.  
        Editing web applications
      8.  
        Deleting web applications
      9. Adding site collections
        1.  
          Add/Edit site collection options
      10.  
        Managing site collections
      11.  
        Removing a configured web application
    2. Configuring monitoring of SharePoint Online accounts
      1. About SharePoint Online account monitoring
        1.  
          Prerequisites for configuring SharePoint Online account
      2.  
        Configuring user with minimum privileges in Microsoft 365
      3.  
        Creating an application in the Microsoft Azure portal
      4.  
        Configuring application without user impersonation for Microsoft 365
      5.  
        Adding SharePoint Online accounts
      6.  
        Managing a SharePoint Online account
      7. Adding site collections to SharePoint Online accounts
        1.  
          Add/Edit site collection options
      8.  
        Managing site collections
  5. Section V. Configuring cloud data sources
    1. Configuring monitoring of Box accounts
      1.  
        About configuring Box monitoring
      2.  
        Using a co-admin account to monitor Box resources
      3. Configuring monitoring of cloud sources in Information Governance
        1.  
          Add/Edit Box account
      4.  
        Configuring Box cloud resources through proxy server
      5.  
        Information Governance limitations for Box permissions
    2. Configuring OneDrive account monitoring
      1.  
        About configuring OneDrive monitoring
      2.  
        Configuring user with minimum privileges in Microsoft 365
      3.  
        Creating an application in the Microsoft Azure portal
      4.  
        Configuring application without user impersonation for Microsoft 365
      5.  
        Add/Edit OneDrive account
      6. Adding OneDrive cloud accounts
        1.  
          Add/edit OneDrive user accounts
    3. Configuring Azure Netapp Files Device
      1.  
        About Azure Netapp Files
      2.  
        Configuring Azure Netapp Files Device
    4. Managing cloud sources
      1.  
        Viewing configured cloud sources
      2.  
        Managing cloud sources
  6. Section VI. Configuring Object Storage Sources
    1. Amazon S3
      1.  
        About Amazon Simple Storage Service (Amazon S3)
      2.  
        Configuring Amazon S3 account monitoring
      3.  
        Configuring Audit Events in AWS
      4.  
        Creating an Athena table
      5.  
        Adding Amazon S3 account
      6.  
        Limitations for Amazon S3 in Information Governance
      7. Managing Amazon S3 data source
        1.  
          Monitored Buckets
        2.  
          Classification
  7. Section VII. Health and monitoring
    1. Using Arctera Insight Information Governance dashboards
      1.  
        Viewing the system health overview
      2.  
        Viewing the scanning overview
      3.  
        Viewing the scan status of storage devices
      4.  
        Viewing the scan history of storage devices
    2. Monitoring Information Governance
      1.  
        Viewing events
      2.  
        About high availability notifications
      3.  
        Monitoring the performance of Information Governance servers
      4.  
        Configuring email notifications
      5.  
        Enabling Windows event logging
      6.  
        Viewing scan errors
  8. Section VIII. Alerts and policies
    1. Configuring policies
      1.  
        About Information Governance policies
      2. Managing policies
        1.  
          Create Data Activity Trigger policy options
        2.  
          Create User Activity Deviation policy options
        3.  
          Create Real-time Data Activity Policy options
        4.  
          Create Real-time Permitted User-based Activity Policy options
        5.  
          Create Real-time Restricted User-based Activity Policy options
        6.  
          Create Real-time Sensitive Data Activity policy options
      3.  
        Managing alerts
  9. Section IX. Remediation
    1. Configuring remediation settings
      1. About configuring permission remediation
        1.  
          Managing and configuring permission remediation
        2.  
          Configuring exclusions for permission recommendation
      2.  
        About managing data
      3.  
        About deleting files
      4. About configuring archive options for Enterprise Vault
        1.  
          Adding new Enterprise Vault servers
        2.  
          Managing Enterprise Vault servers
        3.  
          Mapping file server host names
      5. Configuring Microsoft Purview Information Protection (MIP) Label
        1.  
          Removing MIP Label
      6.  
        Using custom scripts to manage data
      7.  
        Viewing and managing the status of an operation
  10. Section X. Reference
    1. Appendix A.  Information Governance best practices
      1.  
        Understanding Information Governance best practices
    2. Appendix B.  Migrating Information Governance components
      1.  
        Migrating Information Governance components
    3. Appendix C. Backing up and restoring data
      1.  
        Selecting the backup and restore order
      2.  
        Backing up and restoring the Information Governance Management Server
      3.  
        Backing up and restoring the Indexer node
      4.  
        Understanding Information Governance best practices
    4. Appendix D. Arctera Information Governance health checks
      1. About Information Governance health checks
        1.  
          Services checks
        2.  
          Deployment details checks
        3.  
          Generic checks
        4.  
          Information Governance Management Server checks
        5.  
          Information Governance Indexer checks
        6.  
          Information Governance Collector checks
        7.  
          Information Governance Windows File Server checks
        8.  
          Information Governance SharePoint checks
        9.  
          Classification server health checks
        10.  
          Information Governance self service portal server health checks
    5. Appendix E. Command File Reference
      1.  
        fg.exe
      2.  
        indexcli.exe
      3.  
        reportcli.exe
      4.  
        scancli.exe
      5.  
        installcli.exe
    6. Appendix F. Arctera Information Governance jobs
      1.  
        Scheduled Information Governance jobs
    7. Appendix G. Troubleshooting
      1.  
        About general troubleshooting procedures
      2.  
        About the Health Audit report
      3.  
        Location of Information Governance logs
      4.  
        Downloading Information Governance logs
      5.  
        Migrating the data directory to a new location
      6. Troubleshooting FPolicy issues on NetApp devices
        1.  
          Viewing FPolicy-related errors and warnings
        2.  
          Resolving FPolicy connection issues
      7.  
        Troubleshooting EMC Celera or VNX configuration issues
      8.  
        Troubleshooting EMC Isilon configuration issues
      9.  
        Troubleshooting SharePoint configuration issues
      10.  
        Troubleshooting Hitachi NAS configuration issues
      11.  
        Troubleshooting installation of Tesseract software
      12.  
        Troubleshooting RHEL 9 upgrade issue
      13.  
        Troubleshooting CyberArk Password Manager Configuration Issues

About user risk score

Information Governance enables you to monitor malicious activity in your storage environment. Information Governance profiles all users by assigning a risk-score to every configured user. It displays the riskiness of a user in terms of a numerical score that ranges from 0 to 100. Higher the risk score of a user, higher is the perceived risk posed by the user.

The risk score places each user at a relative distance from other users and orders them in accordance with how risky a user is in comparison to other users.

A risky user typically displays anomalies such as:

  • The fraction of the total number of data sources that a user has permissions on. (Access)

  • Abrupt deviation in activity pattern where deviation on activity on sensitive files is given more weightage. (Anomaly)

  • Abnormal increase in number of alerts against the user. (Alerts)

Note that the user risk score is computed by considering the individual scores of different parameters for the last 15 days by default. The user risk score is calculated on a daily basis and stored for the last 180 days.

The risk score assigned to a user helps you do the following:

  • Identify potentially malicious users.

  • Review the permissions that are granted to the users.

  • Review if a risky user is a custodian on any storage resource.

  • Review the top active and sensitive data that is being accessed by the risky user.

  • Add a user with a high risk score to a watch list to enable you to closely monitor the user's activities.

Information Governance computes the risk-score for a user based on the weighted sum of individual scores of the following parameters.

Table: Components for computing user risk score

Components

Descriptions

Deviation in accesses pattern on sensitive and non-sensitive files.

The overall deviation score is the weighted sum of the deviation values for sensitive and non-sensitive files.

Number of alerts against the user.

Percentage of alerts for a user against the total number of alerts, weighted by the severity of the policy that was violated.

Number of shares the user has read access on.

Percentage of shares on which the user has read access, against the total shares across all the storage devices.

Number of shares the user has write access on.

Percentage of shares on which the user has write access, against the total shares across all the storage devices.

Number of shares the user is custodian on.

Percentage of shares for which the user is a custodian, against the total shares across all the storage devices.

Deviation in the number of unique files that are accessed by the user. (Considering sensitive and non-sensitive files)

Overall score is the weighted sum of unique files that are accessed during past 15 days.

Deviation in the number of unique files that are accessed by the user. (Considering sensitive files only)

Overall score is the weighted sum of unique sensitive files that are accessed during past 15 days.

Deviation in the number of distinct DLP policies violated by the files accessed by the user.

Overall score is weighted sum of DLP policies.

The weights are proportional to the severity level of the policies.