Endpoint Scanning : Rules and Actions : Rules & Actions Node
  
Rules & Actions Node
When you select DeviceLock Content Security Server > Discovery Server > Rules & Actions in the console tree, the details pane lists all the content detection rules that currently exist on the server.
In the details pane, the following information is displayed on each rule:
Name - The name that identifies the rule. By default, the rule has the same name as its content group.
Type - The type of the content analysis. Possible values:
File Type Detection - Recognition and identification of files is based on their characteristic signatures.
Keywords - Recognition and identification of data/files is based on the specified keywords or phrases.
Pattern - Recognition and identification of data/files is based on the specified patterns of text described by Perl regular expressions.
Document Properties - Recognition and identification of files is based on their properties.
Digital Fingerprints - Recognition and identification of data/files is based on their digital fingerprints.
Complex - Recognition and identification of data/files is based on the specified content described by a Boolean expression.
Applies to - The unit types for which this rule can be used in discovery tasks. This can be any combination of the following values:
Computers - The rule can be used to discover files on computers or servers.
Elasticsearch nodes - The rule can be used to discover documents in Elasticsearch.
Action(s) - The action of the rule. Possible actions:
Delete - Deleting the detected content.
Safe Delete - Deleting the detected content with the use of a secure erase procedure as defined in US DoD 5220.22-M.
Encrypt - Encrypting the detected content by using Windows EFS (Encrypted File System).
Set permissions - Setting certain file system permissions on the detected files.
Apply to Containers - Means that the action can be applied to archive files, such as ZIP or RAR files, that hold the detected content.
Log - Recording an event to the Discovery Tasks Log that informs about the detected content.
Send Alert - Sending an alert that informs about the detected content.
Notify User - Notifying the computer user about the detected content.
The shortcut menu on the Rules & Actions node includes the following commands:
Manage - Opens a dialog box where you can create, view, modify or delete content detection rules and content groups.
Load - Loads rules from an export file. You can use this command to import content detection rules of Discovery Server as well as content-aware rules and content groups exported from DeviceLock Service.
Save - Saves all rules to an export file.
You can export rules to a file and then load them from the export file. This function may be useful, for example, when you need to copy rules to another server.
Refresh - Updates the list in the details pane with the latest information.
Since the console does not automatically update information displayed in the details pane, you need to update the list by using the Refresh command.
The shortcut menu on a rule in the details pane includes the following commands:
Manage - Opens a dialog box where you can create, view, modify or delete content detection rules and content groups.
Edit Rule - Opens a dialog box where you can view or change the action of the rule. You can also change the name of the rule.
Duplicate Rule - Creates a new rule with the settings copied from the selected rule. You can change the action and the name of the new rule in the dialog box displayed by this command.
By default, the new rule name is composed of the Copy of prefix followed by the name of the selected rule. When you create two or more copies of a rule, the new unit name includes a numeric suffix indicating the number of the copy.
Delete Rule - Deletes the selected rule.
Refresh - Updates the list in the details pane with the latest information.
Since the console does not automatically update information displayed in the details pane, you need to update the list by using the Refresh command.