State of the art

DLP Complex search

  • Text
  • Search in
  • User
  • Data
  • Time
  • Day of week
  • Size
  • Document status
  • Recognized content
  • Search by process parameters
  • Regular expression
  • Computer
  • Domain
  • IP addresses
  • Port
  • Mail
  • Messengers
  • Web
  • Devices
  • Printers
  • Screenshots
  • File
  • Custom attribute
  • Custom query

In the Complex search section a user can create different search queries of different complexity, including logical operators. A search query also can check intercepted data on compliance with thesauruses or digital fingerprints. Complex search tools provide the possibility to create rules of search, that use combinations of conditions.

Among others: matching of text content of the captured data, IP-addresses (local or remote), the specified port (local or remote), user name, data size, data type, date of interception and other attributes.

DLP Complex search

Creating a search request

Data can be searched by a certain text, a user name, by a size of data, by a type of data and many other parameters. Logical operators also can be used.

DLP Complex search
For the text search

The possibility to search documents containing any of the specified words, all the words specified, an exact phrase or none of the words entered in the search query; if you enter several words into the line, they are to be separated by spaces; if you wish to add an exact expression alongside with separate words, the expression has to be put in quotes.

DLP Complex search

Besides, you can specify additional conditions of keywords search by clicking the unfold button to the right of the field:

Search by data types (Search in option)

Search in the information sent or received via email, instant messengers, Web (HTTP protocol), as well as sent and received files and other data types.

DLP Complex search
Search by users

The system allows searching for user related data based on the following conditions: User card, Controlled user name, User SID, User display name.

  • User card
  • Controlled user
  • User SID
  • User display name
DLP Complex search
Search by date

Specify one of the following conditions: Equal (search for data transferred on the specified date), Not equal (search for data transferred on any date except specified), Within range (search for data transferred during the specified period), Beyond range (search for data transferred any day except the specified period) and Last N days (including the current day).

DLP Complex search
Search by time and day of week
DLP Complex search
DLP Complex search
Search by size
Document status

The system mark every intercepted document with a specific status. There are four document statuses which can be used for search:

  • Encrypted – To search for encrypted data, select the Encrypted option in the menu and select the Encrypted information detected or access to the information restricted check box . If this option is switched on, the system will generate and send notifications every time it detects encrypted data (this could be password protected archives, MS Word or MS excel documents, etc.). If this option is disabled, the system will only analyze unencrypted data and ignore encrypted documents;
  • Decrypted – data transferred over SSL and which was decrypted by the agent select the Decrypted option;
  • Corrupted – data which was corrupted upon transfer or initially use this option;
  • Blocked – data which was blocked by the blocking rules due to the security policies.
Recognized content
  • Text recognized
  • Stamps recognized
  • Speech recognized
DLP Complex search
Search by process parameters
DLP Complex search
Regular expression
DLP Complex search
Searching by computer

When searching by computer you can select Name or SID condition type. All data that were intercepted from this computer will be find.

Searching by domain attributes

When searching by domain you can select Name or SID condition type. All data that were intercepted from the computers that belong to specified domain will be find.

Searching by IP addresses or ports

When searching by IP addresses or ports, one can set the following parameters:

local or remote (to search for data transmitted from or to local or remote computers with the specified IP addresses or via specified local or remote ports), local (to search only for data transmitted from or to the local computer with the specified IP address or via specified local port), remote (to search only for data transmitted from or to the remote computer with the specified IP address or via specified remote port);

equal (to search for data transmitted from or to the specific computer with the specified IP address or via specified port), not equal (to search for data transmitted from or to any computers except for the one having the specified IP address or via any port except for the specified one), within range (to search for data transmitted from or to computer having IP addresses within the specified range or via specified range of ports), beyond range (to search for data transmitted from or to any computers except for those having IP addresses within the specified range or via any port except for the specified range of ports).

Search in the email traffic
Search in the messengers traffic
Search in Web interception results
DLP Complex search
Search by devices

To search on data related to devices with specific parameters use the Devices condition and set the type of devices control data. Two types are available for choice: devices audit and intercepted from devices data.

To search any information in the data transferred to external devices or any data about devices usage specify a devices attribute.

Search in printer interception results
DLP Complex search
Search in intercepted screenshots

To search for screenshots that were made under certain conditions select one of the available options:

  • Window change – screenshots that were made because of window focus change;
  • PrtScr – screenshots that were made when Print Screen button was pressed;
  • Timer – screenshots that were taken because of a timer cooldown;
  • Process start – screenshots that were taken every time a new process was started;
  • Browsing tab switching – screenshots that were taken because active browser tab was switched;
  • Blocking rule triggered – screenshots that were taken because blocking rule was triggered;
  • All – search for all made screenshots.
Search for specific files by their names or extensions
DLP Complex search
Search request with a custom attribute

To search for documents with custom attribute that wasn’t provided in the main set of search conditions, select Custom attribute in the condition list and enter the name of attribute and its value in the related fields.

Creating a custom search condition

2021 MD11 ict engineering & consulting