1 Scenario
2 Requirements
3 Suggestions and Focus
4 Agent Config
- 4.1 Compliance and Distribution
5 Running CLI
- 5.1 Manually
- 5.2 Scripted
- 5.3 [ToDo] Automated

Scenario

With Synergy we can create a mapping in Agent Config and utilize CLI to process files that have been previously classified with Boldon James labels. This can be done in multiple ways:

manually on a single file
scripted to run through folder/multiple folders
automated with DLP software

We can also create Regexes so endusers will start receiving suggestions on files previously classified with BJ.

In Focus that means we can automatically recognize existing classification.

Requirements

Customer will need to provide mapping between Boldon James labels and Getvisibility. In the below example we have configured 4 Getvisibility tags of which we want only 3 Boldon James ones to be recognized.

  "classificationTags": {
    "id": "e16409a7-1700-4153-9090-3955bc2f0ae8",
    "tags": [
      "Public",                           <- BJ Public
      "Internal",                         <- BJ External
      "Confidential",                     <- BJ Confidential
      "Highly Confidential"               <-[ not provided / non existent in BJ ]
    ]
  },

Suggestions and Focus

For suggestions and Focus to recognize BJ classification we need to create Regexes for all existing BJ labels:

Agent Config

To process existing files without requiring users to open them manually, we can utilize CLI. For CLI to work we need to add externalLabelMappings stanza to Agent Config for the Agent to recognize them. So the above example we can translate into:

  "externalLabelMappings": [
    {
      "regex": "BJ Public",
      "tagset": "e16409a7-1700-4153-9090-3955bc2f0ae8",
      "tag": "Public"
    },
    {
      "regex": "BJ External",
      "tagset": "e16409a7-1700-4153-9090-3955bc2f0ae8",
      "tag": "External"
    },
    {
      "regex": "BJ Confidential",
      "tagset": "e16409a7-1700-4153-9090-3955bc2f0ae8",
      "tag": "Confidential"
    }     
  ],

Compliance and Distribution

We can also automatically recognize and set Compliance and Distribution tags, just by adding reference in externalLabelMappings to other tagsets:

  "externalLabelMappings": [
    {
      "regex": "xxxxxxxxxxxxx",
      "tagset": "f14fc1f1-8950-40d5-8a29-45909da947d6",
      "tag": "GDPR/PII"
    },
    {
      "regex": "yyyyyyyyyyyyy",
      "tagset": "004dea33-8751-4399-a76e-95f371cb4119",
      "tag": "External"
    }     
  ],

Running CLI

Manually

To apply Getvisibility classification to a file that has been previously classified by BJ we can run a command:

GVClient.CLI.Windows.exe "C:\Users\CLI-1.pptx" --silent --overwrite --save --map-external

Scripted

param ($fname)

# set up environment
# where to store the log
$log = "c:\gv\CLI.log"
# get id of current process
$my_id = [System.Diagnostics.Process]::GetCurrentProcess() | Select-Object -ExpandProperty ID
# allow only extensions from the list below
$extensions = @("xlsx", "docx", "docm", "dotm", "dotx", "pptx", "pdf", "doc", "dot", "xls", "xlt", "ppt", "pps", "xlsm", "xlst", "xlsb", "potm", "potx", "ppsm", "pptm", "ppsx", "dwg", "dxf", "jpg", "jpeg", "png", "mp4", "jpe", "bmp", "wav", "mov", "avi", "m4p", "m4v", "gif", "tiff", "tif", "zip", "mpp")
# location of CLI executable
$cli = "C:\Program Files (x86)\GVClient\app-3.5.8\GVClient.CLI.Windows.exe"

##################################################################################################
function classify {
	$cli_running = @(Get-Process GVClient.CLI.Windows -ErrorAction Ignore)
	log("         CLI running [$($cli_running.Length)]: $($cli_running)")
	$status = $(& $cli `"$fname`" --silent --overwrite --save --map-external)
	
	log ("-------------------> $status <-------------------")
}

function log {
	param ([string]$line)
	Write-Output "[$((Get-Date).ToString())] [$my_id] $line" >> $log
}

function finish {
	log("[ Finishing ]")
	exit
}

function main {
	log("[ Starting ]")
	log("Parameter: $fname")
	# check if $fname exists
	if (-not(Test-Path -Path $fname -PathType Leaf)) {
		log(" Error: File [$fname] not found")
		finish
	} else {
		log(" Found file [$fname]")
		$ext=(Split-Path -Path $fname -Leaf).Split(".")[1].ToLower()
		if ($extensions -contains $ext) {
			log(" Filetype [$ext] is supported.")
			classify
		} else {
			log(" Error: Filetype [$ext] is NOT supported, skipping.")
			finish
		}
	}
	finish
}

# create c:\gv\ folder for logs
mkdir c:\gv -ErrorAction Ignore

main

[ToDo] Automated

If working with DLP we can create Network or / Endpoint Discovery and send discovered files to CLI to convert the labels.

Boldon James migration