Rules and Actions

By using content detection rules, you can define the type of content to discover and specify the actions to perform on the discovered data. Similar to DeviceLock Service’s content-aware rules, content detection rules use content groups to determine the data to which a given rule should be applied.

Content detection rules are created based on content groups that enable you to centrally define the types of content to discover. Each rule employs a certain content group, and specifies the actions to apply to the discovered data. The rule’s content group specifies the search criteria for the data to which those actions are to be applied.

All content groups are stored in the Content Database. The Content Database for DeviceLock Discovery is stored in the SQL database of the Discovery Server. As a result, all consoles communicating with the Server will operate with a single common Content Database.

Note: Groups stored in the Content Database of the DeviceLock Service can be imported to the DeviceLock Discovery Server. For instructions, see Importing and Exporting Rules.

The following content group types are available:

•File Type Detection - Identify files by using file type-specific signatures.

•Keywords - Look for specific keywords or phrases in data/files.

•Pattern - Look for specific text fragments by using Perl regular expressions.

•Document Properties - Look for specific document properties, such as size, name, etc.

•Digital Fingerprints - Check digital fingerprints of data/files.

•Complex - Compose a logical expression of multiple group types.

For more information about content groups, refer to the Configuring Content Groups section.