Actions
After configuring triggers within a data protection rule, the next step is defining actionsto be executed, and optional notifications for administrators and end users. This enables the system not only to automate specific operations but also to appropriately inform about their execution.
If you do not want to define actions and only want a notification for the trigger, toggle the switch and proceed to the next step - Notifications.
New data protection rule step by step - Actions
Tag configuration (optional)
A tag is an invisible label assigned to a file. The user does not see it, but the tag “follows” the file and allows monitoring of all operations performed on that file, even if its name is changed.
Correct tag configuration is crucial for the system to properly classify and identify data.
Actions Add marker and Remove marker are available only when no trigger is selected. Optionally, it is also possible to configure adding a tag as part of the trigger File operations.
Selecting or defining a tag:
An administrator can select a tag from an existing list or create a new one.
A tag is a unique identifier that enables easy identification of classified files.
A new tag should have a clear and understandable name that will assist in file management within the system.
Defining a content search pattern (optional):
Additionally, an administrator can define a content search patternthat the system will use for automatic file classification.
NOTE: Patterns are supported only for file masks: *.docx, *.xlsx, *.pptx, *.txt.
List of available actions:
No action – Useful when we do not want to perform any actions but plan to add a notification in the next step.
Task – Execute a PowerShell or CMD script from the list available in the system. (Script configuration is described in the Management).
Screenshot – Automatically capture a screenshot at the moment the rule is triggered. The screenshot is available in the logs.
Shut down computer – Automatic shutdown of the specified device.
Restart computer – Restart the selected device.
Screen recording – Record user activity on the screen at the time of the event.
Log out user – Log the user out of the session.
Block operation – Block the operation defined in the previous step (trigger block).
Add tag (optional) - A tag is an identifier invisible to the end user that “follows” the classified file in the NTFS data stream.
Remove tag (optional) - Removes a previously assigned tag from the file.
Startup message - displays the defined content to the user after each logon to the computer where the feature is enabled. Locking the screen does not cause the message to be displayed again - the message appears only after logging out and logging back in.
Periodic screenshots - performs periodic screenshots at a defined interval on selected devices or for specified users during their sessions.
USB encryption - allows configuration of encryption for connected external USB storage devices.
Tag
Classifies files based on parameters defined in subsequent steps of the data protection configuration.
Does not alter the file structure.
It may have any name, which should be simple and understandable for the administrator and clearly indicate what classification it pertains to. The tag name does not affect its operation in Windows and is only a string visible in the eAuditor console for identification purposes.
Tags (fingerprint) differ from labels – labels are independent and operate only within the eAuditor system.
Types of search patterns
Text (string):
Plain text that the system will search for in the file.
Example:
“Kowalski”– if the word “Kowalski” appears in the file content, the file will be marked as meeting the conditions.
Regular expression (RegEx):
An advanced way to define a pattern that allows searching for more complex data structures in files.
Examples:
PESEL:
\b[0-9]{11}\b– searches for an 11-digit PESEL number.E-mail:
[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\.[a-zA-Z]{2,}– searches for e-mail addresses.Phone number:
\b\d{3}[-.\s]?\d{3}[-.\s]?\d{3}\b– searches for phone numbers in the format 123-456-789.IP address (IPv4):
\b((25[0-5]|2[0-4][0-9]|[0-1]?[0-9][0-9]?).){3}(25[0-5]|2[0-4][0-9]|[0-1]?[0-9][0-9]?)\b- Searches for IPv4 addresses, e.g.192.168.1.1.Credit card number (16 digits):
\b(?:\d[ -]*?){13,16}\b– Searches for credit card numbers, e.g.1234-5678-1234-5678.Postal code in Polish format (XX-XXX):
\b\d{2}-\d{3}\b– Searches for postal codes in Poland, e.g.01-234.
After adding actions, you can proceed to the optional configuration of notifications that will inform selected people about events related to the rule execution. If notifications are not required, you can finish the rule by clicking the Assign to policy, which saves the configuration and returns the user to the main automation policies view.
Last updated
Was this helpful?