Enterprise Vault™ Classification using the Microsoft File Classification Infrastructure
- About this guide
- Getting started
- How Enterprise Vault caches the items that it submits for classification
- Setting up the classification properties
- Configuring your classification rules
- Defining and applying classification policies
- Running classification in test mode
- Publishing classification properties and rules across your site
- Using classification with smart partitions
- Appendix A. Enterprise Vault properties for use in classification rules
- Appendix B. PowerShell cmdlets for use with classification
- Appendix C. Monitoring and troubleshooting
Supported configuration parameters for rules that use the Veritas Information Classifier method
When you create a rule that uses the Veritas Information Classifier method, you must specify one or more additional configuration parameters. These parameters define the text strings or regular expressions for which you want to search in items. Each parameter consists of a name and a corresponding value.
You can specify multiple configuration parameters for the same rule. For example, you may want to create a rule that searches the subject lines of items for one word and their message bodies for a second word. Where this is the case, an item must match all the parameters for the rule to match; the Veritas Information Classifier links the parameters together with Boolean AND operators rather than OR operators.
To simulate the effect of linking multiple parameters with Boolean OR operators, create multiple rules that assign the same value to the same classification property. For example, you might create two rules that assign the same value to the evtag.category property: one rule that searches the subject lines of items for a word and a second rule that searches their message bodies for a different word.
The values that you type in the Name column of the Classification Parameters dialog box set the scope of the configuration parameter: they specify the properties of an item that you want to search.
You can search an individual property by typing its name in the Name column. For example, you might type cont to search the message body of an item or rbea to search the email addresses of its recipients. Indexed items can have a large number of properties, but only a subset is of interest for classification purposes. These are the properties and associated values that Enterprise Vault stores in the plain-text files in the classification cache folder.
If you want to classify the items in one archive only, the archiveid property lets you specify the unique identifier of this archive. For example, by specifying an archiveid property value in one configuration parameter and a cont property value in a second configuration parameter, you can limit classification to the items in the nominated archive that have particular words in their message bodies.
A number of composite properties are also available with which you can search multiple properties of items at once. Table: Composite properties describes these values.
Table: Composite properties
Searches all the attachment-related properties: content, file name, size, type, and dates.
Searches the author properties.
Searches both the subject line and content of items and their attachments.
Searches the item in its entirety: subject line, content, and all the classifiable properties of items and their attachments.
Searches the recipient list properties.
Searches the subject lines of items and their attachments.
You can combine multiple properties in a single Name value by separating them with a pipe symbol (|). For example, the following Name value is equivalent to the composite value Subject because it lets you search the subject lines of an item (subj) and its attachments (a_subj).
The next example searches the subject lines of an item and its attachments (Subject) and the content of those attachments (a_cont).
In the Value column of the Classification Parameters dialog box, you specify what to search for: a word or phrase, for example, or a regular expression.
By default, the values that you enter are case-insensitive. So, the value Fraud matches not just Fraud but fraud and FRAUD as well. However, you can make a value case-sensitive by preceding it with (?-i). For example, (?-i)Fraud matches Fraud only.
Specify date and time values as Coordinated Universal Time (UTC) values in the ISO 8601 format. According to ISO 8601, a combined date and time value has the following format:
For example, 2016-07-12T13:00:00Z.
Table: Supported values in the Value column describes the types of values that the Veritas Information Classifier supports.
Table: Supported values in the Value column