User guide
iGuard/inSight User Guide
Release 7.0.0.4
6. Click Search.
You may prefer to target the search for specific elements by using a more complex command line query. In
this case, the user's local hostname is known, so it is entered using the location identifier.
To use the location function (loc:) to identify the user's hostname, you must have DHCP
enabled on a 7.1.x iGuard.
Additional information can be added on the command line to narrow the query. In this case, there may be
reason to believe that information may be found in the user's webmail or chat sessions.
Tune a Rule to Exclude Approved Business Processes
iGuard rules are created from saved searches, and the process of creating an efficient rule
depends on experimenting with searches until the resulting rule gathers precisely the information
that is needed. After the search process is perfected, a new rule can be saved and utilized.
When you get the results of a query you have formed, you may find that the query has gathered
"dolphins along with the tuna." By tweaking the original rule, you can exclude any parameter that
gathers extraneous data. Tuning rules in this way helps to eliminate false positives and focus only
on significant data when extracting information from the data stream.
For example, you may want to create a rule that detects financial information in office documents
carried on the network as email attachments.