Getting started with Endpoint Data Discovery policies
NOTE Depending on the Absolute product licenses associated with your account, Endpoint Data Discovery (EDD) policies may not be available.
Endpoint Data Discovery policies control the collection of information about the file content stored on your Windows and Mac devices. You can set an EDD policy to scan the files on a device's hard drive for confidential or at-risk content. Scan results are reported in EDD reports and a Match Score A computed value indicating the number of content matches detected on a device during an Endpoint Data Discovery (EDD) scan. Depending on the context, the value shown for Match Score may apply to a file, a policy rule, or a device. is assigned to the results. You can review these reports to identify at-risk devices, and then initiate remedial actions to secure the content.
You can activate EDD policies on devices running a supported version of the Windows or Mac operating system.
The DAR component A lightweight software component of the Absolute agent that detects at-risk data stored on a Windows or Mac device during an EDD scan. The DAR component is deployed on a device only when the device is associated with a policy group in which the Endpoint Data Discovery policy is activated. of the Absolute agent is responsible for silently scanning the files stored on your devices to detect content that is confidential or at risk. When you activate an EDD policy, the component is activated on each device after the next successful agent connection to the Absolute Monitoring Center. A full scan of each device is then performed. During the scan, the DAR component opens each file on the hard drive, scans its content for specific pieces of information, encrypts that information and uploads it to the database using a secure connection. A full scan may take a few hours or a few days to complete, depending on the scan configuration and the size of the device's hard drive.
Policies include a set of predefined EDD rules that you can apply during an EDD scan. You can use these rules to detect the following types of content:
- Credit card numbers
- Encrypted or password protected files
- GDPR The General Data Protection Regulation (GDPR) defines a set of data protection rules that apply to all organizations that process data related to individuals residing in the European Economic Area (EEA). personal identifiers
- Personal financial information
- Personal health information
- US Social Security Numbers
The criteria used to detect this content is defined using expressions and algorithms.
You can also create custom EDD rules to find confidential or at-risk file content that is not detected by the predefined rules but is of particular interest to your organization.
During an EDD scan, the agent's DAR component detects all file content that matches an EDD policy rule. You can view the details about these matches in the following reports:
- Data Risk Assessment
- Devices with At-Risk Files in Cloud
- Match Score Summary
- Reporting Data
- GDPR Summary
You can also view this information on the Endpoint Data Discovery pages for each device.
EDD report information includes the details about the content that generated the match, the name and location of the file, and a Match Score A computed value indicating the number of content matches detected on a device during an Endpoint Data Discovery (EDD) scan. Depending on the context, the value shown for Match Score may apply to a file, a policy rule, or a device.. You can use these details to identify the devices that may require remedial action to secure the at-risk data stored in files on their hard drives. For example, if your organization uses Microsoft Azure Information Protection (AIP Microsoft Azure Information Protection (AIP) enables organizations to enforce policies governing the control and distribution of confidential or proprietary information. Depending on the Absolute products associated with your account, you may be able to use the Absolute console to protect at-risk files detected during an EDD scan.), you may be able to protect at-risk files directly from the Absolute console.