The Search Detail Summary page gives you complete details on a selected search. It shows the status of the search, including the matched and collected files, the search criteria, the file-level results, and the details of each endpoint requested.
Details of each grid area are listed below.
- Search Results and Action Card area
- File actions (Collect - Quarantine - Delete - Export CSV)
- Search Results Grid
- Endpoint status
- Search Criteria
Status
Once a search is executed, its status is shown on the search results action card in the upper left corner. The refresh button, located throughout the interface, refreshes the results on the page as files are brought back to the results grid. The status grid contains the following elements:
- Matched Files - Displays the total file count of the executed search
- Matched (MB) - Displays the total size in megabytes of the executed search
- Status - Consists of three states: Queued, Searching, Done
  - Queued indicates that endpoints are currently waiting to pick up a command to search
  - Searching indicates that endpoints are actively searching and returning results
  - Done indicates that all endpoints have completed their searches
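The three status states describe the whole search, not a single endpoint: the card can only show Done once every endpoint has finished. The following Python snippet is an added illustration of that roll-up and is not code from Interrogate; the endpoint states, the byte sizes and the rule that a mix of finished and waiting endpoints displays as Searching are assumptions made for the example.

```python
from dataclasses import dataclass, field
from typing import List

# Per-endpoint progress as the search console might track it (hypothetical shape).
@dataclass
class EndpointResult:
    name: str
    state: str                      # "queued", "searching" or "done"
    matched_bytes: List[int] = field(default_factory=list)  # size of each matched file

VALID_STATES = {"queued", "searching", "done"}

def status_card(endpoints: List[EndpointResult]) -> dict:
    """Roll per-endpoint progress up into the Matched Files / Matched (MB) / Status card."""
    if not endpoints:
        raise ValueError("a search must target at least one endpoint")
    states = {e.state for e in endpoints}
    unknown = states - VALID_STATES
    if unknown:
        raise ValueError(f"unknown endpoint state(s): {sorted(unknown)}")

    # Done only when every endpoint has completed; Queued only when none has started.
    if states == {"done"}:
        status = "Done"
    elif states == {"queued"}:
        status = "Queued"
    else:
        status = "Searching"   # assumption: partial results are still flowing back

    total_files = sum(len(e.matched_bytes) for e in endpoints)
    total_bytes = sum(sum(e.matched_bytes) for e in endpoints)
    return {
        "matched_files": total_files,
        "matched_mb": round(total_bytes / (1024 * 1024), 2),
        "status": status,
    }

# Constructed sample: one endpoint finished, one still searching, one not yet started.
SAMPLE_ENDPOINTS = [
    EndpointResult("WS-001", "done", [1048576, 524288]),
    EndpointResult("WS-002", "searching", [2097152]),
    EndpointResult("WS-003", "queued"),
]

if __name__ == "__main__":
    print(status_card(SAMPLE_ENDPOINTS))
```

Refreshing the page re-runs this roll-up; the Matched Files and Matched (MB) counters grow while the status stays Searching, and only the last endpoint reporting completion flips it to Done.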
Search Details Action Card
Search Criteria
The criteria by which a search was executed can be viewed by clicking the "Show Query" link located next to the Search Details. The original query criteria are displayed, showing the endpoints and all of the groups used to create the search.
Search Details Criteria
Search Results Grid
The results grid displays file-level information from your search. It includes the following fields:
- File Name - File name as shown on the endpoint, including the file extension
- Risk Score - The risk score calculated for the specific file
- Tags - Auto-classification of PII and other tags assigned automatically by Heureka's classification engine
- Keyword Match - If keywords are used, Interrogate displays a snippet of text with the first matching word highlighted in yellow
- Deleted - If a file has been deleted from the endpoint, a deleted flag is displayed
- Computer Name - The name of the endpoint computer
- File Owner - The file owner is automatically identified by the Interrogate endpoint service when indexing files
- Extension - The file's extension (a file is NOT required to have an extension)
- Local File Path - The path to the local file on the endpoint
- SHA1 Hash - The file's hash value. Hash values are automatically calculated by the endpoint service during indexing
- File Size - The file's size in megabytes
- Doc Date - Document dates are displayed as follows:

| Document Type | Display Date |
|---|---|
| | Date Sent or Date Last Modified |
| File (Loose File) 1st Method | Date Last Modified |
| File (Loose File) 2nd Method | Date Created |
| File (Loose File) 3rd Method | Field Left Empty |
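The Doc Date column is a fallback chain, not a single timestamp: a record that carries a Date Sent shows that, a loose file shows Date Last Modified, falls back to Date Created, and is left empty when neither is present. The Python below is an added example of that precedence written for this page, not Interrogate's own code; the record fields and the ISO date format are assumptions, and the document type of the first table row is not named on the page, so the example keys on the presence of a Date Sent rather than on a type label.

```python
from dataclasses import dataclass
from datetime import datetime
from typing import List, Optional, Tuple

# Minimal view of an indexed file as the grid needs it (hypothetical shape).
@dataclass
class FileRecord:
    file_name: str
    date_sent: Optional[datetime] = None       # only present on sent items
    last_modified: Optional[datetime] = None
    created: Optional[datetime] = None

def doc_date(rec: FileRecord) -> str:
    """Return the Doc Date cell for one record, following the table's precedence.

    Date Sent wins when present (first row); otherwise Date Last Modified (1st method),
    then Date Created (2nd method); with nothing available the field is left empty
    (3rd method). Output format is an assumption.
    """
    for candidate in (rec.date_sent, rec.last_modified, rec.created):
        if candidate is not None:
            return candidate.strftime("%Y-%m-%d")
    return ""

def grid_rows(records: List[FileRecord]) -> List[Tuple[str, str]]:
    """Build (File Name, Doc Date) pairs for every record in a result set."""
    return [(r.file_name, doc_date(r)) for r in records]

# Constructed sample covering each row of the Doc Date table.
SAMPLE_RECORDS = [
    FileRecord("quarterly.msg", date_sent=datetime(2023, 3, 1),
               last_modified=datetime(2023, 3, 5)),
    FileRecord("budget.xlsx", last_modified=datetime(2022, 11, 30),
               created=datetime(2022, 1, 2)),
    FileRecord("notes.txt", created=datetime(2021, 6, 15)),
    FileRecord("orphan.bin"),
]

if __name__ == "__main__":
    for name, shown in grid_rows(SAMPLE_RECORDS):
        print(f"{name:<16} {shown or '(empty)'}")
```

When reviewing results, keep the fallback in mind: two loose files with the same displayed Doc Date may have obtained it by different methods (one from modification time, one from creation time), which matters when the date is used to scope a collection.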
Search Details Results Window
File Actions
There are four main actions that can be taken at the file level. First, you may collect files to a centralized location. Second, you may quarantine files, which consists of a centralized collection followed by removal of the original and creation of a stub file on the endpoint. Third, you may delete files at the endpoint level. Finally, you may select files and have the system identify their parent/child relationships using "Find Parent Emails". Please click the desired links below for more information.