Policy Guide › Detecting Fingerprinted Files › Searching for Fingerprinted Files

Searching for Fingerprinted Files

You can use the iConsole to search for fingerprinted files detected by CA DLP. You need to filter your searches either by trigger name, (specifying the content agent triggers that detected the files) or by policy class (specifying the class assigned to these triggers).

For example, a bank sets up a CA DLP content agent named 'Source Code' to fingerprint its confidential software source code documents. It also enables a 'Source Code Content Agent' trigger in its user policies to stop employees copying these documents to removable USB devices. Reviewers can search for incidents when CA DLP blocked these documents by entering 'Source Code Content Agent' in the Trigger Name field.

To search for fingerprinted files

1. In the iConsole, edit the properties of the search that you want to run.

   Note: Only the Standard Search and the Data At Rest and Data In Motion standard searches enable you to filter your search by trigger name or policy.

2. Go to the Incidents tab of the Search Properties screen.
3. Do one of the following:
   • In the Trigger Name field, choose the Content Agent relevant triggers.
   • In the Policies field, choose the policy class assocaited with the relevant Content Agent triggers.