User guide

iGuard/inSight User Guide
Release 7.0.0.4
1. Go to the Policies tab.
2. Click on a policy.
3. Click on a rule you want to tune, or Add Rule.
4. If not already set, change the Inherit Policy State to Disabled.
5. Define the rule by setting conditions.
Tip: Each iteration of the rule should reflect your "best guess" of the parameters that will yield
the results you want.
6. Save.
7. Click on the rule to launch the Edit Rule window.
8. To start testing the rule, Execute search.
9. When the incidents window launches, evaluate the results. If you are not satisfied,
modify the search and repeat the process.
10. When the rule is performing correctly, Save.
11. Reset the Inherit Policy State to Enabled (optional for user-defined rules).
Note: The procedure is the same for a rule under a user-defined policy, except that the rule
can remain in the Disabled state. Its parent policy will be in an inactive state anyway
because the user will be managing the rule by explicitly activating it.
Example
Suppose you want to find Social Security numbers in circulation on your network, but you are
getting too many false positives: results that technically match the rule, but do not violate your
company's privacy rules. For example, they may be transmitted during routine Human Resources
operations, or the numbering pattern may resemble a product part number.
1. Go to the Policies tab.
2. Click on a policy.
3. Select a rule under the policy.
4. In the Edit Rule window, change the Inherit Policy State to Disabled, if it is not
already set.
5. Edit the rule to exclude traffic to and from certain email addresses.
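The tuning loop in this example can be reasoned about offline before touching the rule. The following Python sketch is an added illustration, not iGuard rule syntax or product code: it runs three iterations of a Social Security number match over constructed messages (pattern only, pattern plus a validity check that drops part-number look-alikes, then the address exclusion from step 5). The addresses, message fields and function names are assumptions made for the example.

```python
import re

# Candidate pattern: 3-2-4 digits, not embedded in a longer token.
SSN_RE = re.compile(r"(?<![\w-])(\d{3})[- ](\d{2})[- ](\d{4})(?![\w-])")

# Hypothetical exclusion list (step 5): HR mailboxes with a business need.
EXCLUDED_ADDRESSES = {"hr-benefits@example.com", "payroll@example.com"}

def plausible_ssn(area, group, serial):
    """Drop values that are never issued: area 000/666/9xx, group 00, serial 0000."""
    if area in ("000", "666") or area.startswith("9"):
        return False
    return group != "00" and serial != "0000"

def evaluate(message, exclusions=frozenset(), validate=True):
    """Return the matches in one message that would be reported as an incident."""
    parties = {message["from"].lower(), *(a.lower() for a in message["to"])}
    if parties & exclusions:
        return []  # traffic to or from an excluded address is not inspected
    return [m.group(0) for m in SSN_RE.finditer(message["body"])
            if not validate or plausible_ssn(*m.groups())]

# Constructed sample traffic (no real data).
SAMPLES = [
    {"from": "hr-benefits@example.com", "to": ["carrier@example.net"],
     "body": "Enrollee SSN 123-45-6789"},
    {"from": "sales@example.com", "to": ["buyer@example.org"],
     "body": "Quote for part 900-12-3456, qty 4"},
    {"from": "intern@example.com", "to": ["friend@example.org"],
     "body": "her ssn is 078-05-1120 fyi"},
    {"from": "ops@example.com", "to": ["vendor@example.org"],
     "body": "Order PN-123-45-67890 shipped"},
]

def run(exclusions=frozenset(), validate=True):
    """One 'Execute search' pass: list (sender, matches) for each incident."""
    return [(m["from"], hits) for m in SAMPLES
            if (hits := evaluate(m, exclusions, validate))]

if __name__ == "__main__":
    print("iteration 1, pattern only:    ", run(validate=False))
    print("iteration 2, + validity check:", run())
    print("iteration 3, + exclusions:    ", run(EXCLUDED_ADDRESSES))
```

Each exclusion is also a blind spot: a message that copies an excluded address is skipped entirely, so keep the list short and review it when evaluating results.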