Versions Compared

Version Old Version 28 New Version Current
Changes made by

Ashima Agarwal

Ashima Agarwal

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Contents

Table of Contents
minLevel1
maxLevel3

...

Prepared By

...

Reviewed By

...

Date

...

Document Version

...

Software Version

...

Ashima Agarwal

...

Artem Kalaitan

...

13-June-2022

...

V 1

...

V 2.8

...

Ashima Agarwal

...

Artem Kalaitan

...

25-July-2022

...

V2

...

V 2.10

...

Ashima Agarwal

...

Artem Kalaitan

...

10-Aug-2022

...

V4

...

Contents

Table of Contents
minLevel1
maxLevel3

Anchor
_heading=h.30j0zll
_heading=h.30j0zll
Synergy

This document has two major sections

  • Agent

    • Agent Configuration

      • Seclore Protection

    • Agent Management

    • Reports

  • Administration

    • Pattern Matching

    • User Management

Agent

Deployment

A link to the agent deployment document is added below:

...

titleAgent Deployment

...

Please refer the below link for Agent Installation steps.

Synergy Agent for Windows: Deployment Guide

Configuration best practices

Please see refer the below document for best practices:

...

titleBest Practice

...

link for Configuration Best Practices

...

Best Practices Document

...

Agent Configuration

Login into system and navigate to the agent configuration

Login into the Getvisibilityapplication using the credentials given to you

...

The first option of Configuration Import can be used by simply uploading the config file. Click on Select the Configuration Import option and the dialog box will open where the user must select a JSON file.

...

The configuration will be uploaded. When the user clicks Selects Finish the new config will be saved

...

In the below section we will go through the various configurable options that can be applied to the agent using both Expert mode and Wizard mode:

Anchor
_heading=h.2s8eyo1
_heading=h.2s8eyo1
Compliance

Compliance is the act of conforming to a company directive, rule, policy, or standard or law. Some common compliance regulations and labels are: GDPR, PII, HIPAA, PHI, PCI. Getvisbility agent gives the user two options to customise and configure compliance as per their requirements.

...

Using Expert Mode, the user can add compliance tags by making changes in the agent configuration JSON file. One can add custom compliance or any of the standard compliance tags.

  • Click on Select Expert Mode

  • Scroll down to the compliance section

  • Add the values

    • It can be seen below that EAR/US and CustomCompliaceExample have been added

  • Click on Select Finish

...

‘Configuration saved successfully’ message will be displayed on the screen along with the OK button.

...

  • Click on Select the OK button and the user is returned to the main Getvisibility agent configuration page.

  • To verify the Configuration, open a word document, click on Select the Getvisibility icon in the top-right of the ribbon. The user will be able to see the custom tags.

M

Anchor
_heading=h.3rdcrjn
_heading=h.3rdcrjn
Wizard Mode

Using Wizard Mode, the user can select the compliance tags selecting the check box on screen.

  • Click on Select Configuration Wizard Mode

  • Below, GDPR/PII has been selected as a compliance tag. Click Select Next.

...

Keep clicking on Selecting Next to only change the compliance tags. The Last step of the wizard is displayed below.

Click Select Finish and following message will be displayed

...

To verify the Configuration, open a Word document, click on Select the Getvisibility icon on the top-right of the ribbon. The user will be able to see the selected tags.

...

Anchor
_heading=h.26in1rg
_heading=h.26in1rg
Classification

Data classification is broadly defined as the process of organising data by relevant categories so that it may be used and protected more efficiently. On a basic level, the classification process makes data easier to locate and retrieve. By default, the Getvisibility classification is Public, Internal and Confidential.

...

Using Expert Mode, the user can add compliance tags by making changes in the agent configuration JSON file. One can add custom compliance or any of the standard compliance tags.

  • Click on Select Expert Mode

  • Scroll down to the classification section

  • Add the values.

    • It can be seen below that CustomClassification has been added in Expert Mode

  • Click on Select the Finish button

...

‘Configuration saved successfully’ message will be displayed on the screen along with the OK button.

...

  • Click on Select the OK button.The user is returned to the main Getvisibility agent configuration page.

  • To verify the Configuration, open a Word document, click on Select the Getvisibility icon on the top-right of the ribbon. The user will be able to see the custom tags.

...

The user can select the classification by selecting the radio button on screen.

  • Click on Select the Configuration Wizard Mode

  • The user has selected Commercial Option as classification

  • Click Select Next.

...

Keep clicking on Selecting Next to only change the compliance tags.The Last step of the wizard the agent will be displayed.

Image RemovedImage Added

Click Select Finish and following message will be displayed

...

To verify the Configuration, open a Word document, click on Select the Getvisibility icon on the top-right of the ribbon. The user will be able to see the selected tags.

...

Anchor
_heading=h.1ksv4uv
_heading=h.1ksv4uv
MS Office Plugins

This functionality will allow the user to select which MS Office application the configuration will be applicable to.

Anchor
_heading=h.44sinio
_heading=h.44sinio
Expert Mode

Using Expert mode, the user can enable/disable the Office Plugins by making changes the agent configuration JSON file.

  • Click on Select Expert Mode

  • Scroll down to the Office Configuration section

  • Add the values.

    • It can be seen below that wordPluginActive is set to FALSE

  • Click on Select the Finish button

...

To verify the Configuration, open a Word document, the user will see that the Getvisibility icon on the top-right is disabled. The user will not be able to click Select it.

...

Anchor
_heading=h.2jxsxqh
_heading=h.2jxsxqh
Wizard Mode

Using Wizard Mode, the user can select the which application the configuration will be applicable to by selecting the check-box on screen.

  • Click on Select Configuration Wizard Mode

  • As seen below, the user has selected only Word Plugin as the option. Click Select Next.

...

Keep clicking on Selecting Next to only change the compliance tags. The Last step of the wizard the agent will display:

...

  • Click Select Finish and the settings will be applied.

  • To verify the Configuration, open a Word document, and the user should . The user will be able to view the Getvisibility icon and if the user clicks they select on the icon the compliance and classifications box will be displayed.

To verify the Configuration, open a Excel document, user will see that the Getvisibility icon on the top-right is disabled, and user will not be able to click Select it

...

MS Office Policies & Visual Tagging

This functionality allows the user to set various policies to enforce on documents in MS Office applications.

Expert Mode

Using Expert mode, the user can enable/disable the policies related to MS Office by making changes agent configuration JSON file.

  • Click on Select Expert Mode

  • Scroll down to the OfficeConfiguration section

  • The available policies:

    • Header: - This will add a Header to the document. The user can leave it empty or customise it as needed

    • Footer: - This will add a Footer to the document. The user can leave it empty or customise it as needed

    • Watermark: - This will add a Watermark to the document. The user can leave it empty or customise it as needed

    • TagBeforePrint: - This option will Force, Warn or Log & Ignore (allow) the user to classify any document before printing

    • TagDirtyBufferOnSave: - This option will Force, Warn or Log & Ignore (allow) the user to classify any document before saving

    • AllowDescalation: - This option allows the user to lower the classification level of a classified document.

    • ExcelTextForwardingActive: This is a scraping feature, it tells the plugin to scrape the text from within an app like Word or Excel and then forward it to the classifier for a suggestion. This option can be set using True or False.

    • PowerpointSubtitle:- This will add a Subtitle to the PowerPoint. This policy is optional.

    • PowerpointTitle:- This will add a title to the PowerPoint. This policy is optional.

  • Example of Config:

...

Code Block
"header": "<span>Classified as {classification} by Getvisibility&reg;</span>",

      "footer": "",

      "watermark": "",

      "tagDirtyBuffersOnSave": "force",

      "tagBeforePrint": "ignore",

      "allowDeEscalation": false,

      "excelTextForwardingActive": false,

  • Click on Select the Finish button

  • Verify the documents based on the config above

  • As per the config the user should be able to see the header and footer. The watermark should be blank.

...

As allowDeEscalation = False is configured, the user will not be allowed to lower the level of classification on the document and all the lower classification options will be disabled:

  • Image RemovedImage Added

  • As excelTextForwardingActive = Falseis configured, text from the MS Office app will not be sent to classifier for suggestions.

Wizard Mode

Using Wizard Mode, the user can easily enable/disable the policies related to MS office.

  • Click on Select Configuration Wizard Mode

  • Navigate to Word, Excel, PowerPoint Policies

Keep clicking on Selecting Next to only change the compliance tags. Last step of the wizard the agent will display:

...

  • Click Select Finish and the settings will be applied.

  • Verify the documents based on the selection above

  • The user should be able to see the header and footer, the watermark should be blank:

...

The lower classification option has not been selected. So user is not allowed to lower the level of classification on the document and all the lower classification options are disabled:

...

classification on the document and all the lower classification options are disabled:

...

Seclore Protection

Documents will be protected if the user is using seclore flavour agent. All the steps to classify a document is exactly same as seen above only with seclore agent along with classification user can protect the document as well. Mapped classifications values between GV and Seclore are : Public, Internal, Confidential.

Open or create new file:

...

Image AddedImage AddedImage Added

Protecting the while when using right click classification:

...

User will see these red locks as icon in the files where seclore protection is applied.

...

Anchor
_heading=h.4i7ojhp
_heading=h.4i7ojhp
Outlook Plugins

This functionality will allow users to configure Outlook classification plugin.

Expert Mode

Using Expert mode, user users can enable/disable Outlook Plugins by making changes in editing the agent configuration JSON file on agent .

  • Click on Select Expert Mode

  • Scroll down to OutlookConfiguration section

  • Add values.

    It can be seen below that

    values

    • OutlookPluginActive is set to True in expert mode as an the example.

  • Click on Select the Finish Button button

  • Image RemovedImage Added

  • 'Configuration saved successfully’ message will be displayed on screen along with the OK button.

  • To verify the Configuration, open Outlook, the user will see that the Getvisibility icon on the top-right is enabled, and . The user will be able to click Select it and classify the email, if the OutlookPluginActive = false is configured the same icon will be disabled.

...

Wizard Mode

Using the Wizard modeMode, the user can enable/disable the Outlook Plugins by making changes in the agent screen.

...

Focus UI

  • Select Configuration Wizard Mode

  • There are total of 12 steps in the Wizard and Outlook Plugin is selected on the third step.

  • As seen below user has selected Outlook option Select Outlook

  • Then click Select Next.

...

  • Click Select Finish to apply configuration

  • To verify the Configuration, open word a Word document.

  • The Getvisibility icon will be enabled.

  • Clicking on Selecting the icon will show the compliance and classifications box for where the user to classify document.

...

Anchor
_heading=h.3whwml4
_heading=h.3whwml4
Outlook Policies & Visual Tagging

This functionality will allow the user to set various polies that the user would like to policies that they can enforce on documents emails when using Outlook.

Expert Mode

Using the Expert mode, the user can enable/disable the policies related to office Outlook by making changes in editing the agent configuration JSON file on the agent itself.

  • Click on the Select Expert Mode

  • Scroll down to the OutlookConfiguration section

  • The polies that we can set are as belowavailable policies:

    • Header: - This will add a Header to the email. User The user can leave it empty or customize customise it as needed

    • Footer: - This will add a Footer to the email. User The user can leave it empty or customize customise it as needed

    • TagOnPrint: - Using this option you can will Force, Warn, or Log & Ignore the user (allow) users to classify any modified email before printing .

    • TagOnSend: - Using this option you can will Force, Warn, or Log & Ignore the user (allow) users to classify any modified email before sending

    • allowUnclassifiedAttachments - Using this option you can will Block, Warn, or Log & Allow the user (allow) users to send unclassified attachments in email. emails

    • minAttachmentsTag - This option will allow the user users to Inherit the minimal classification from a classified attachment to the email.

    • allowDescalation: - This option allows the user users to lower the classification level of a classified email.

    • autoClassifyReplyForwardEmails - This option allows the user users to inherit the classification level when replying or forwarding an email.

Example of Config is as below:config:

Code Block
"

...

OutlookPluginActive": true,

...



 "header": "<h2 style=\"font-style:italic\"><span style=\"font-     size:14px\">Classified as {classification} by Getvisibility&reg;

...

 Custom Header</span></h2>",

...



      "footer": "",

...



      "tagOnSend": "force",

...



      "tagOnPrint": "force

...

",

      "allowUnclassifiedAttachments": "block",

...



      "minAttachmentsTag": "block",

...



      "allowDeEscalation": true,

...



      "autoClassifyReplyForwardEmails": true,

  • Click on Select the Finish Button

  • Verify the documents based on the config above

  • button

  • As per the config user should be able to see , the header and the footer should be blank as displayed below.

...

If the user changes the config and footer is added the config and the outlook will look as below:

...

  • :

...

Adding a footer to an Outlook email using the configuration file:

Code Block
header": "<span style=\"color:#008004;\"><h2 style=\"font-style:italic\"><span style=\"font-size:14px\">Classified as {classification} by Getvisibility&reg; </span></h2></span>",

...



 "footer": "<span style=\"color:#008004;\"><span><strong>Classified as {classification} by Getvisibility&reg; </strong></span></span>"

...

As When tagOnSend = force, the user is configured users cannot send the email emails without classifying it. The option to Select Dismiss is to keep editing the email and or OK is to classify the email.

...

  • As When tagOnSend = Warn, the user is configured users will be able to send the email without classifying it. The option to Select Dismiss is to send the email and or OK is to classify the email.

  • And if the If tagOnSend = Log&Ignore then is set no notification will be displayed.

...

As When tagOnPrint = force, the user is configured users cannot print the email emails without classifying it. The option to Select Dismiss is to keep editing the email and or OK is to classify the email.

...

  • If WhentagOnPrint = Warn is configured, the user will be able to can send the email without classifying it. The option to Select Dismiss is to send the email and OK is to classify the email. And if the

  • When tagOnPrint = Log&Ignore then is configured no notification will be displayed.

  • |With allowUnclassifiedAttachments = Block, the user cannot send any attachment in the email without classifying it.

...

  • allowUnclassifiedAttachments = Warn, In this case user will be able to : The user can send the attachment in the email without classifying it but agent will give a warning.

  • allowUnclassifiedAttachments = Log&Allow, the user will be able to : The user can send the attachment in the email without classifying without any warning.

  • minAttachmentsTag = Block, in : In this case the attachment is highly confidential, and the email is on lower level of classification, so the agent will not allow sending the email. The user will have to change the classification of either the attachment or the email, else otherwise they will not be able to send the email.

...

minAttachmentsTag = Warn, in : In this case the attachment is highly confidential, and the email is on lower level of classification, so the agent will only warn the user, but the user . They will still be able to send the email.

...

  • minAttachmentsTag = Log&Allow, the : The user will be able send any attachment in the email without any warning.

  • allowDeEscalation = False, the Fa: T: The user will not be allowed to lower the level of classification on the document and all the lower classification options will be disabled.

...

autoClassifyReplyForwardEmails = False, the : The user has the option to set the classification for the forwarding/reply an email and as . As seen below the original email is classified as internal but that is not inherited while forward/reply emailwhen forwarding or replying.

...

autoClassifyReplyForwardEmails = True, : As seen below while forwarding the email, it has inherited the classification from the original email.

...

Wizard Mode

Using Wizard mode, user can enable/disable policies related to Outlook by making changes on the screen.

...

Click on the Configuration Wizard Mode

...

to Outlook.

  • Select the Configuration Wizard Mode

  • The Header is selected on wizard and footer is left blank

...

Verify the setting on outlook we can see settings on Outlook: the header can be seen but not the footer.

...

If the user changes the setting settings and footer is added in the config and , the wizard Wizard and outlook Outlook will look as below:

...

Image RemovedImage Added

Moving on to To set the Outlook polices, the user has selected Force to classify and send the email , The user cannot send the email without classifying it. The option to Dismiss is to keep editing the email and OK is to classify the email.

...

If the user Changes it to Warn to classify and send the email, user they will be able to send the email without classifying it but with a warning. The option to Dismiss is to send the email and OK is to classify the email.

...

The last option is of Log & ignore, where the user can send the email without classification and without any or warning.

...

As the user has selected Force to classify and print the email, user they cannot print the email without classifying it. The option to Dismiss is to keep editing the email and OK is to classify the email.

...

The other two options are Warn , and Log&Ignore where the user will be able to print the email without classifying it. The option to Dismiss is to print the email and OK is to classify the email. And with With the LoLog&Ignore there will be no warning at all.

...

As the user has selected Block, the user cannot send the any attachment in the email without classifying it.

...

The other two options are: Warn, where the user will be able send the attachment in the email without classifying it but the agent will give with a warning like shown below , and Log&Allow where the user will be able send the attachment in the email without classifying and without any but with a warning.

...

The user has selected Block for the 4th last option, in this case the attachment is highly confidential, and the email is on a lower level of classification, so the agent will not allow to send the email. The user will have to change the classification of either the attachment or the email, else otherwise they will not be able to send the email as shown in the screen shot.:

...

If the user has selects Warn, in this case the attachment is highly confidential, and the email is on a lower level of classification, so the agent will only warn the user, but the user will still be able to send the email.

...

  • The final option here also is Log&Allow, where the user will be able send any attachment in the email without any warning.

  • The checkbox User lowers classification level of a classified email in is unchecked, the user will not be allowed to lower the level of classification on the document and all the lower classification options will be disabled.

...

Image RemovedImage Added

The checkbox Inherit classification when Reply and Forward emails in is unchecked, the . The user has the option to set the classification for the forwarding/reply email and as seen below the original email is classified as internal but that is not inherited to while forward/reply email is applied.

...

Image RemovedImage Added

The checkbox Inherit classification when Reply and Forward emails in is checked, . As seen below while forwarding the email, it has inherited the classification from the original email.

...

Image RemovedImage Added

Anchor
_heading=h.3as4poj
_heading=h.3as4poj
Configure Emails

Expert Mode

Using the Expert modeMode, the user can enable/disable default policies related to email by making changes in editing the agent configuration JSON file on the agent itself.

  • Click on the Select Expert Mode

  • Scroll down to the configurationOverrides section

  • The polies that we can set are as belowpolicies:

    • Classification: - Here the user can select which type of email he they wants to configure. The options are Public/Internal/Confidential/Highly Confidential

    • DefaultEmailPolicy: - Here the user can set the policy to Block/Allow/Warn about the an email.

    • BlockList: - The agent gives the option to create a blocklist of specific recipients. User will just have to Users can add the email id of recipient in the list.

    • WarnList: - The agent gives the option to create a warnlist of specific recipients. User will just have to Users can add the email id of recipient in the list.

    • AllowList: - The agent gives the option to create an allowlist of specific recipients. User will just have to Users can add the email id of recipient in the list.

  • Sample config file is as below:

Code Block
"configurationOverrides": [

...



   "classification": "Public"

...



   "defaultEmailPolicy": "block",

...



   "blockList": [],

...



   "warnList": ["aagarwal@getvisibility.com],

...



    "allowList": []

  • The above configuration says that for Public type emails are blocked for sending, except for the recipient aagarwal@getvisibility.com, whom the email can be sent to but with a warning message.

  • Validating the configuration as below. Since all the Public emails are blocked from sending and the recipient lab user is not on the Allow or Warn list the email can cannot be sent.

...

If we change the recipient to aagarwal@getvisibility.com, the agent will give only a warning as the recipient was in the warn list, but the email can still be sent.

...

Wizard Mode

Using the Wizard modeMode, the user can enable/disable the policies related to Outlook by making changes in the on the screen directlyOutlook.

  • Click on Select the Configuration Wizard Mode

  • There is total 12 steps in Wizard and Outlook polices starts from 8th step.

  • As shown below the Public emails are by default set to Block but 1 recipient is allowed to send the email with a warning.

...

Validating the configuration as below. Since all the Public emails are blocked from sending and the recipient lab user is not on the Allow or Warn list the email can be sent.

...

If we change the recipient is changed to: aagarwal@getvisibility.com, the agent will only give only a warning as the recipient was in the warn Warn list, but the email can still be sent.

...

The same settings can be done for Internal/Confidential/Highly Confidential emails as well with one additional option to copy the configuration from the previous classification.

...

Anchor
_heading=h.2p2csry
_heading=h.2p2csry
Generic Settings

WriteMetadataTags :-

This property will capture the details about the agent in office applications. The below screenshot is from the config file.

...

Based on the distribution list, the email addressed addresses in this list will be the once that the outlook ones Outlook plugin will allow sending emails to.

AllowInternalToExternal:

Based on the distribution list, this This property allows to share a file in outlook irrespective of the distribution value.the user to change the distribution list from internal to external

MaxNumberOfRecipients:

This property allows to set setting the maximum number of people the user wants to send the email to.

SuggestionOptions:

This tag will allow the user users to configure the options user they want to show while showing the suggestion box on Ms office MS Office or Outlook.

AgentDialogConfiguration

This tag will allow the user to customize customise the options user they want to show while show like showing labels such as compliance, classification etc.

...

Additional feature to classify the documents/emails. Few examples are: Internal/Restricted/ External/Limited

AutoLabelling

This optional feature allows users to automatically classify with a default label all newly created docs documents and emails in Word, Excel, Powerpoint, and Outlook emails. It is possible to individually set the default label for each plugin individually. User Users will be able to select the classification label that he they wants to apply to documents and email and when there is edit or change in the file and the file is saved the selected classification will be applied. Setting Autolabelling will allow the user to not to classify the documents every time the file is printed or saved, the classification will happen automatically.

...

The property used in Expert Mode areis: defaultClassificationValue. We can see below that the The defaultClassificationValue is set for Outlook, Word,Excel and PoperPoint. PowerPoint:

...

Wizard Mode for Word, Excel and PowerPoint:

...

Wizard Mode for Outlook:

...

Caution

While using the expert mode Expert Mode the user has to be extra careful about the small details like punctuations punctuation and formatting of the file, else the agent will through and error like below.. Error will be presented to the user as needed:

...

Reports

There are two reports related to Synergy as shown below:

...

For users of Getvisibility Synergy, this report gives an overview of the security related activity undertaken by users of GVClient agents. It visualises data such as: de-escalations, mis-classifications, and confidential data in infographic form to give organisation’s a quick understanding of the data their users are passing through their network.

...

Agent Management

Agent Management gives the user a high-level status of all the agents installed. Details like Name of agent, the IP address and When was the agent last seen is shown on this dashboard. User can also see if the agent is Online or not. The facility to filter the agent based on Name, Health, and State also is provided.

...

Administration

Pattern Matching

Using Pattern Matching UI you can view, save, create and edit regex pattern, then the backend will process it and agent give suggestions based on the regex createdRegEx patterns. These the associated rules for each pattern will be suggested to users of the agents if the RegExs are found.

...

Click on Select the Add New Button button to create a new Regex RegEx pattern, a new window will open to enter the regex RegEx pattern

...

Add a new regex pattern, we are creating a regex RegEx pattern. An example RegEx for Student ID which is made of 7 digits and 2 letters is shown

...

The tags and can be added for the new regex RegEx as shown below and click on Select Create

...

As you can see the The new pattern in is created but right now it is unpublished

...

User also has Users have the option to Edit/Delete the regex a RegEx pattern

...

After clicking on Selecting Publish, the classification services starts so that the backend can process the new regex patternpipeline restarts to pick up the enabled RegEx patterns for matching.

...

User Users can see the confirmation message for published changes:

...

Once the changes are published wait for few minutes, then open the document and enter the regex pattern you had created, in this example we had created for Restarting of the classification pipeline may take a few minutes. Once complete, open a Word document and enter a configured RegEx pattern. In this example: Syudent ID (7 digits and 2 letters.As you can see below we have entered the student ID as per the regex and we can see the agent giving us the suggestion that is is )

The RegEx pattern has been found and the suggestions of GDPR/PII:100% for Compliance and Confidential for Classification as Confidentialare given.

...

User Users can then select on Use Suggested; GDPR/PII and Confidential will get selected and the documents document will be classified.

...

User Users also has have the option to ignore the suggestion and use any other values to classify.

User Management

Using the user management users will be able to create new users to access the applicationIn the User Management screen, new users can be created to access the User Interface. There are 2 two ways to create new users:

Using the portal

Click on Select the User Management option of the portal

...

User will be asked to login into keycloak Keycloak portal (Credentials will be shared separately)

...

Navigate to the User Section and click on Select the Add User Buttonbutton

...

Click on the Select Save:

...

Click in credentials Select Credentials. The user will be able to set the password for the new login, using this method we they can create a new user or view the existing users.

...

Using LDAP method

For the LDAP method please Please refer the below document for details:

...

link for Creating a user using LDAP.

Reseller Keycloak Quick Installation Guide

...