Selecting items to include or exclude in a policy

Administrator Help | TRITON AP-DATA | Version 8.3.x

In the TRITON Manager, whenever you need to select items to include in a DLP or discovery policy, such as sources, destinations, channels, actions, or any other items, a selector tool appears. For most operations—selecting application names, content classifier names, or files, for example—the selector looks like this:

The selector is used to select which entities you want to include in the rule and which you want to exclude. Say you want users in the group Finance to be able to move, copy, and print corporate financial data in the /finance directory. You would select the group Finance with the Sources selector and you would select the directory /finance with the Destinations selector. Perhaps there is one exception—you do not want Finance user bsmith to have these privileges. On the Sources selector, you would add this user to the exclusions list.

You may have one or more exclusions to a rule. For example, perhaps Finance users should be able to copy data from all finance directories except /finance/executives (you would add these directories from the exclusions list on the Destinations selector), and you want to block bsmith from copying data.

To use the selector, complete the fields as follows:


Field	Description
Display	Select the entity—such as computers or networks if you are selecting a source—to display in the Available List box at the bottom of the page. If you do not see what you want to display, in some cases you can create a new resource by clicking the paper icon. See Defining Resources for instructions.
Filter by	Typically too many entries are available to display on one page. Use the Filter by field to specify criteria by which to filter the list. If you enter "jones", the system searches for any entry that contains the string "jones". It is equivalent to searching "jones". You can use additional wildcards in your filter string if desired. For example: "?" represents any single character, as in the example "file_?.txt". Click the Apply filter button to apply the filter or the Clear button to clear it.
Available items	Lists the items that are available for selection in the current display category. Use the page forward/backward controls to navigate from one page to the next, or to the first or last page. In some cases, a folder icon or up arrow appears. Click the icon to display the directory one level up in the directory tree. You can also click the breadcrumbs above the list to navigate to another level. If you chose Directory Entries in the Display field, hover over an item in this list to see all the fields that will be searched—login, full name, domain name, and email address.
Selected items	Use the right and left arrows to move items into and out of the selected list. If you want to include a computer named Bob_Computer, then highlight it on the left. Make sure the Include tab is active, and then click >. If you want to exclude Bob_Computer, make sure the Exclude tab is active when you click >. If you select more than 1500 items, you receive an error message. Consider creating a business unit to add more items to the Selected box. Tip: you can move a group of users, computers, networks, etc. into the Include box, then remove one user, computer, or network by highlighting it on the right and clicking Remove.

When you are selecting sources or destinations, you can either select items from predefined lists, or enter free text to identify the items to include in the policy.

On the sources and destinations selector:

From the drop-down list box, select Predefined lists if you want to select from lists; or select Free text to type the name of an item to include.

If you choose Predefined lists, complete the fields in the table above. If you choose Free text, a box appears:

In the space provided, type the entity you want to include. For example, if you are selecting a source, type the desired owner's email address. If you're selecting a computer, type the computer name or IP address. You can enter multiple items. If you do, separate them with commas. For example:

ssmith@example.com, mjones@example.com

By default, the system searches for all entities containing the word or words you type. For example, if you type "jones" for policy owner, it might return mjones@example.com, jjones@acme.com, and sjones@abc.com.

Entering "jones" is equivalent to searching "*jones*". Additional wildcards are allowed.

Click OK.