Contents

...

...

Anchor
_heading=h.2et92p0 _heading=h.2et92p0

Configuration best practices

...

Anchor
_heading=h.tyjcwt _heading=h.tyjcwt

Agent Configuration

Login into system and navigate to the agent configuration

Login into the Getvisibilityapplication using the credentials given to you

...

Anchor
_heading=h.2s8eyo1 _heading=h.2s8eyo1

Compliance

Compliance is the act of conforming to a company directive, rule, policy, or standard or law. Some common compliance regulations and labels are: GDPR, PII, HIPAA, PHI, PCI. Getvisbility agent gives the user two options to customise and configure compliance as per their requirements.

...

• Select Configuration Wizard Mode

• Below, GDPR/PII has been selected as a compliance tag. Select Next.

...

Keep Selecting on Next to only change the compliance tags. The Last step of the wizard is displayed below.

...

Anchor
_heading=h.26in1rg _heading=h.26in1rg

Classification

Data classification is broadly defined as the process of organising data by relevant categories so that it may be used and protected more efficiently. On a basic level, the classification process makes data easier to locate and retrieve. By default, the Getvisibility classification is Public, Internal and Confidential.

...

• Select the Configuration Wizard Mode

• The user has selected Commercial Option as classification

• Select Next.

...

Keep Selecting on Next to only change the compliance tags.The Last step of the wizard the agent will be displayed.

...

Anchor
_heading=h.1ksv4uv _heading=h.1ksv4uv

MS Office Plugins

This functionality will allow the user to select which MS Office application the configuration will be applicable to.

...

• Select Configuration Wizard Mode

• As seen below, the user has selected only Word Plugin as the option. Select Next.

...

Keep Selecting on Next to only change the compliance tags. The Last step of the wizard the agent will display:

...

• Select Finish and the settings will be applied.

• To verify the Configuration, open a Word document, and the user should . The user will be able to view the Getvisibility icon and if the user Selects they select on the icon the compliance and classifications box will be displayed.

To verify the Configuration, open a Excel document, user will see that the Getvisibility icon on the top-right is disabled, and user will not be able to Select it

...

MS Office Policies & Visual Tagging

This functionality allows the user to set various policies to enforce on documents in MS Office applications.

...

• Select Configuration Wizard Mode

• Navigate to Word, Excel, PowerPoint Policies

Keep Selecting on Next to only change the compliance tags. Last step of the wizard the agent will display:

...

Anchor
_heading=h.4i7ojhp _heading=h.4i7ojhp

Outlook Plugins

This functionality will allow users to configure Outlook classification plugin.

...

• Select Finish to apply configuration

• To verify the Configuration, open a Word document

• The Getvisibility icon will be enabled

• Selecting on the icon will show the compliance and classifications box where the user to classify document

...

Anchor
_heading=h.3whwml4 _heading=h.3whwml4

Outlook Policies & Visual Tagging

This functionality will allow the user to set various policies that they can enforce on emails when using Outlook.

...

• When tagOnSend = Warnis configured users will be able to send email without classifying. Select Dismiss to send the email or OK to classify.

• If tagOnSend = Log&Ignore is set no notification will be displayed.

...

When tagOnPrint = forceis configure configured users cannot print emails without classifying. Select Dismiss to keep editing the email or OK to classify.

...

• If tagOnPrint = Warn, the user will be able to send the email without classifying it. The option to Dismiss is to send the email and OK is to classify the email.

• And if the tagOnPrint = Log&Ignore then no notification will be displayed.

• allowUnclassifiedAttachments = Block, the user cannot send any attachment in the email without classifying it.

...

minAttachmentsTag = Warn, in this case the attachment is highly confidential, and the email is on lower level of classification, so the agent will only warn the user, but the user will still be able to send the email.

...

• minAttachmentsTag = Log&Allow, the user will be able send any attachment in the email without any warning.

• allowDeEscalation = False, the user will not be allowed to lower the level of classification on the document and all the lower classification options will be disabled.

...

autoClassifyReplyForwardEmails = False, the user has the option to set the classification for the forwarding/reply email and as seen below the original email is classified as internal but that is not inherited while forward/reply email.

...

autoClassifyReplyForwardEmails = True, As seen below while forwarding the email, it has inherited the classification from the original email.

...

• The final option here also is Log&Allow, where the user will be able send any attachment in the email without any warning.

• The checkbox User lowers classification level of a classified email in unchecked, the user will not be allowed to lower the level of classification on the document and all the lower classification options will be disabled.

...

Image RemovedImage Added

The checkbox Inherit classification when Reply and Forward emails in unchecked, the user has the option to set the classification for the forwarding/reply email and as seen below the original email is classified as internal but that is not inherited to while forward/reply email.

...

Anchor
_heading=h.3as4poj _heading=h.3as4poj

Configure Emails

Expert Mode

Using Expert Mode, the user can enable/disable default policies related to email by making changes in the JSON file on the agent itself.

• Select Expert Mode

• Scroll down to the configurationOverrides section

• The policies that we can set are as below:

  • Classification: - Here the user can select which type of email he wants to configure. The options are Public/Internal/Confidential/Highly Confidential

  • DefaultEmailPolicy: - Here the user can set the policy to Block/Allow/Warn about the email.

  • BlockList: - The agent gives the option to create a blocklist of specific recipients. User will just have to add the email id of recipient in the list.

  • WarnList: - The agent gives the option to create a warnlist of specific recipients. User will just have to add the email id of recipient in the list.

  • AllowList: - The agent gives the option to create an allowlist of specific recipients. User will just have to add the email id of recipient in the list.

• Sample config file is as below:

"configurationOverrides": [

...

   "classification": "Public"

...

   "defaultEmailPolicy": "block",

...

   "blockList": [],

...

   "warnList": ["aagarwal@getvisibility.com],

...

    "allowList": []

• The above configuration says that for Public type emails are blocked for sending, except for the recipient aagarwal@getvisibility.com, whom the email can be sent but with a warning message.

• Validating the configuration as below. Since all the Public emails are blocked from sending and the recipient lab user is not on the Allow or Warn list the email cannot be sent.

...

If we change the recipient to aagarwal@getvisibility.com, agent will give only a warning as the recipient was in the warn list, but the email can still be sent.

...

Validating the configuration as below. Since all the Public emails are blocked from sending and the recipient lab user is not on the Allow or Warn list the email can be sent.

...

If we change the recipient is changed to: aagarwal@getvisibility.com, the agent will only give only a warning as the recipient was in the warn list, but the email can still be sent.

...

Anchor
_heading=h.2p2csry _heading=h.2p2csry

Generic Settings

WriteMetadataTags :-

This property will capture the details about the agent in office applications. The below screenshot is from the config file.

...

Additional feature to classify the documents/emails. Few examples are: Internal/Restricted/ External/Limited

AutoLabelling

This optional feature allows to automatically classify with a default label all newly created docs in Word, Excel, Powerpoint, and Outlook emails. It is possible to individually set the default label for each plugin individually. User will be able to select the classification label that he wants to apply to documents and email and when there is edit or change in the file and the file is saved the selected classification will be applied. Setting Autolabelling will allow the user to not to classify the documents every time the file is printed or saved, the classification will happen automatically.

...

The property used in Expert Mode areis: defaultClassificationValue. We can see below that the The defaultClassificationValue is set for Outlook, Word,Excel and PoperPoint. PowerPoint:

...

Wizard Mode for Word, Excel and PowerPoint:

...

While using Expert Mode the user has to be extra careful about the small details like punctuations punctuation and formatting of the file, else the agent will through and error like below.. Error will be presented to the user as needed:

...

Reports

There are two reports related to Synergy as shown below:

...

For users of Getvisibility Synergy, this report gives an overview of the security related activity undertaken by users of GVClient agents. It visualises data such as: de-escalations, mis-classifications, and confidential data in infographic form to give organisation’s a quick understanding of the data their users are passing through their network.

...

Agent Management

Agent Management gives the user a high-level status of all the agents installed. Details like Name of agent, the IP address and When was the agent last seen is shown on this dashboard. User can also see if the agent is Online or not. The facility to filter the agent based on Name, Health, and State also is provided.

...

Administration

Pattern Matching

Using Pattern Matching UI you can view, save, create and edit regex pattern, then the backend will process it and agent give suggestions based on the regex createdRegEx patterns. These the associated rules for each pattern will be suggested to users of the agents if the RegExs are found.

...

Select the Add New button to create a new Regex RegEx pattern, a new window will open to enter the regex RegEx pattern

...

Add a new regex pattern, we are creating a regex RegEx pattern. An example RegEx for Student ID which is made of 7 digits and 2 letters is shown

...

The tags and can be added for the new regex RegEx as shown below and Select Create

...

As you can see the The new pattern in is created but right now it is unpublished

...

User also has Users have the option to Edit/Delete the regex a RegEx pattern

...

After Selecting on Publish, the classification services starts so that the backend can process the new regex patternpipeline restarts to pick up the enabled RegEx patterns for matching.

...

User Users can see the confirmation message for published changes:

...

Once the changes are published wait for few minutes, then open the document and enter the regex pattern you had created, in this example we had created for 7 digits and 2 letters.As you can see below we have entered the student ID as per the regex and we can see the agent giving us the suggestion that is is Restarting of the classification pipeline may take a few minutes. Once complete, open a Word document and enter a configured RegEx pattern. In this example: Syudent ID (7 digits and 2 letters)

The RegEx pattern has been found and the suggestions of GDPR/PII:100% for Compliance and Confidential for Classification as Confidentialare given.

...

User Users can then Select select Use Suggested; GDPR/PII and Confidential will get selected and the documents document will be classified.

...

User Users also has have the option to ignore the suggestion and use any other values to classify.

User Management

Using the user management users will be able to create new users to access the applicationIn the User Management screen, new users can be created to access the User Interface. There are 2 two ways to create new users:

...

Select the User Management option of the portal

...

User will be asked to login into keycloak Keycloak portal (Credentials will be shared separately)

...

Navigate to the User Section and Select the Add User button

...

Select the Save:

...

Select in credentials Credentials. The user will be able to set the password for the new login, using this method we they can create a new user or view the existing users.

...

End of Document