These parameters are specifically for importing files into CA DLP. Use them to associate CA DLP users with imported files and to determine how file capture dates are set. For Import Policy operations, you can also specify which user policy is applied to the imported files.
Note: Do not confuse these ImpFile.* parameters with the File.* file handling parameters, which cover such areas as the location of the source files to be imported, and whether to search subfolders for target files.
ImpFile.PolicyParticipant
No default value. This parameter identifies which user policy is applied to imported files. It is mandatory when importing files as part of an Import Policy operation. The syntax is:
ImpFile.PolicyParticipant=<email address>, Yes or No
This parameter must be set to an email address followed by Yes or No. You must include a comma before the Yes or No option. This address must match an address associated with a CA DLP user (as listed in the User Properties dialog in the Administration console).
This parameter is only used when importing files as part of an Import Policy operation. For example, you may want to apply policy to imported files in order to categorize or apply smart tags to important business documents. When the policy engine processes an imported file, it maps the specified email address to a CA DLP user account and applies that user’s policy.
The Yes or No option determines whether this ‘policy user account’ is added to the list of event participants (in this case, the users associated with the imported file). If set to:
Yes: The specified account is added to the list of event participants. Choose this option if you want to apply a specific user’s policy to the imported file and associate that same user with the resulting file event.
No: The specified account is not added to the list of event participants. You would typically choose this option if the ‘policy user account’ is not a real person, but simply an account that you use to apply a specific set of policy triggers. For example, you may have a Compliance user account with a customized user policy designed to enforce a specific set of regulations.
If you do not specify Yes or No, you do not need a comma and ImpFile.PolicyParticipant defaults to Yes.
ImpFile.AssociatedParticipant
No default value. Use this parameter to identify any CA DLP user associated with, or linked to, imported files. The syntax is:
ImpFile.AssociatedParticipant=<email address>
Typically, this user will be the author of the file. For example, if importing files from a specific user’s workstation or from their share on a file server, you can use this parameter to associate those files with that user.
The parameter must be set to an email address that matches an address associated with a CA DLP user account (as listed in the User Properties dialog in the Administration console). A single Event Import operation can only include a single instance of this parameter. For example, to associate all imported files with Spencer Rimmel, add this line to the import configuration file:
ImpFile.AssociatedParticipant=srimmel@unipraxis.com
If no associated participant is specified
All imported files are automatically associated with the machine hosting the source folder (only if the source folder is hosted locally—see the note below). Specifically, an address matching the machine’s domain name in Active Directory is associated with each imported file event and stored in the CMS database. This machine ‘address’ takes the form /cn=<computer name>/cn=computers. For example:
/cn=UX-MILAN-W2K3/cn=computers
This means that even if this parameter, ImpFile.AssociatedParticipant, is not used, each imported file is still associated with a ‘host machine’ address. In this situation (based on the example above), to ensure that files imported from host machine UX-MILAN-W2K3 can be retrieved during an iConsole event search, you would need to add the above machine address to the list of addresses specified for an appropriate CA DLP user account. You add new addresses in the User Properties dialog in the Administration console.
Note: If the import source folder is on a network mapped drive or a UNC path, a host machine address is not created and the resulting file event is not associated with a machine address.
Note: For further details about mapping file events to CA DLP users, see the ‘Event Participants’ technical note, available from CA Technical Support.
ImpFile.EventDateFromFile
Defaults to Yes. This parameter specifies how the capture date assigned to imported files is determined. The syntax is:
ImpFile.EventDateFromFile=Yes or No
If set to:
Yes: The timestamp reflects the time and date when the file was last modified.
No: The timestamp reflects the time of import.
ImpFile.SourceIsNBA
Defaults to No. Use this parameter to explicitly flag imported file events as being captured by the Network Boundary Agent (NBA). The syntax is:
ImpFile.SourceIsNBA=Yes or No
This enables you to differentiate between ‘Data In Motion’ and ‘Data At Rest’ events when searching for files in the iConsole or Data Management console—see the note below for details. If this parameter is set to:
Yes: All imported files in the current job are flagged as NBA file events. When you search for file events in the iConsole or Data Management console, NBA file events are represented by separate icons and the event type description is ‘File moving over the network’.
[Figure: NBA file event icons in the Data Management console and the iConsole]
No: Imported files are not differentiated by import or capture source. When you search for file events in the iConsole or Data Management console, all file events are represented by the same icons.
[Figure: General file event icons in the Data Management console and the iConsole]
Note: NBA file events are also referred to as ‘Data In Motion’ events. By contrast, file events captured by the File Scanning Agent (FSA) or imported from designated folders are referred to as ‘Data At Rest’ events.
ImpFile.ParticipantsFromNBAFilename
This parameter is only applicable to files captured by the NBA during file upload and download operations and FTP transfers. It determines whether Event Import extracts the source and destination machine IP addresses from the NBA-generated file name and saves this address in the event participants table in the CMS database. The syntax is:
ImpFile.ParticipantsFromNBAFilename=Yes or No
Storing machine IP addresses as event participants provides a mechanism for associating file uploads, downloads, and FTP transfers with individual CA DLP users. In CA DLP terms, these machine addresses are referred to as ‘pseudo user addresses’. Details about filename formats for NBA-captured files are in the Network Implementation Guide; search the index for ‘filename formats’.
See the Important below and note the following:
Important! Only use this parameter if your organization assigns static IP addresses to users’ computers. Do not use this parameter if your organization uses DHCP. This is because of the risks associated with reassigned IP addresses. Specifically, if an IP address is reassigned to another user’s workstation, this may compromise Row Level Security (RLS) during subsequent event searches. (RLS ensures that reviewers cannot see events associated with users outside of their management groups when searching the CMS database for events.)
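The rules above can be checked before an import job runs. The following linter is an added example, not CA DLP code: it applies the documented syntax and defaults to the ImpFile.* lines of an import configuration file and reports the participant-mapping and Row Level Security points raised above. The function name lint_impfile, the one-parameter-per-line key=value layout, case-insensitive Yes/No matching and the sample configuration are assumptions made for illustration.

```python
import re

YES_NO = {"yes": True, "no": False}  # assumption: values match case-insensitively
BOOLEAN = ("EventDateFromFile", "SourceIsNBA", "ParticipantsFromNBAFilename")
EMAIL = re.compile(r"^[^@\s,]+@[^@\s,]+$")  # loose shape check only

# Constructed sample import configuration (not from a real deployment).
SAMPLE = """\
ImpFile.PolicyParticipant=compliance@unipraxis.com, No
ImpFile.SourceIsNBA=Yes
ImpFile.ParticipantsFromNBAFilename=Yes
"""

def lint_impfile(text):
    """Lint ImpFile.* lines; return (settings, findings) using documented defaults."""
    settings, findings = {"EventDateFromFile": True, "SourceIsNBA": False}, []
    for n, line in enumerate(text.splitlines(), 1):
        key, sep, value = line.strip().partition("=")
        if not sep or not key.startswith("ImpFile."):
            continue  # File.* and other parameters are out of scope here
        name, value = key[len("ImpFile."):], value.strip()
        if name == "PolicyParticipant":
            addr, comma, flag = (p.strip() for p in value.partition(","))
            add = YES_NO.get(flag.lower()) if comma else True  # no comma: Yes
            if EMAIL.match(addr) and add is not None:
                settings[name] = (addr, add)
            else:
                findings.append(f"line {n}: expected <email address>, Yes or No")
        elif name == "AssociatedParticipant":
            if name in settings:
                findings.append(f"line {n}: only one AssociatedParticipant allowed")
            elif EMAIL.match(value):
                settings[name] = value
            else:
                findings.append(f"line {n}: expected one email address")
        elif name in BOOLEAN:
            if value.lower() in YES_NO:
                settings[name] = YES_NO[value.lower()]
            else:
                findings.append(f"line {n}: ImpFile.{name} must be Yes or No")
        else:
            findings.append(f"line {n}: ImpFile.{name} is not described on this page")
    if "AssociatedParticipant" not in settings:
        findings.append("no AssociatedParticipant: a locally hosted source folder "
                        "yields only a /cn=<computer name>/cn=computers address")
    if settings.get("ParticipantsFromNBAFilename"):
        findings.append("ParticipantsFromNBAFilename=Yes: requires static IPs; "
                        "a reassigned address can compromise Row Level Security")
    return settings, findings
```

Running lint_impfile(SAMPLE) returns the effective settings and two findings: the missing associated participant and the static-IP requirement for ImpFile.ParticipantsFromNBAFilename.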
Copyright © 2011 CA. All rights reserved.