Data Integrity analysis allows you to analyze the state of managed content to determine if information has been sabotaged, modified, corrupted, or perhaps encrypted by Ransomware. You can optionally choose to automatically restore content that has been modified. Results indicate whether items have retained proper secured Integrity, and/ or if they were restored.
For more information related to secure cloud storage, refer to the article, Using :Recover.
This article provides details specific to Data Integrity (and Remediation) analysis, with general use common to all Analysis Types described in the article, Using :Respond. For a general overview, refer to the :Respond Introduction.
Setting Up a Data Integrity ExecutionThe :Respond UI is accessible from the SSProtect notification icon's context menu. Select Data Integrity (default) from the dropdown at the top left:
The Analysis Period will be disabled. Select any of the following remaining options:
- Include Org Users - This enables the Username list for independent User selection
- Restore Corrupted - Restores corrupted data items with proper, secured content
Data Integrity Analysis is by default - and always - scoped to your Account. When you select Include Org Users, you can then choose additional Users from within your Organization. In the Username Listbox, hold the CTRL key and click names to add to a selection set, or click the first in a contiguous set, then hold the SHIFT key and click the last - this will select all names in-between.
As of version v6.3.2, it is not possible to execute Data Integrity Analysis without including your own Account - whether present and selected in the Username list or not. Invalidated Users are never included in the given list from which to choose. See the Validation section of the article, Managing Organization Users.
Optimized Offloading and File Scope
You cannot control the scope of files included in the Analysis. For each User, the software works through locally managed content, which matches the set of files presented by the :Confidential Files dialog (when viewing Host display presented when first displayed). See the article, Managing Host Data, for details.
Items last converted with Optimized Offloading are not included in the Analysis. For more information, see the article Operating Modes, controlled by Policy actions specific to Account Configuration described in the article, Managing Your Account.
Shared Content and File Scope
As of v6.3.2, content shared by external parties for your Organization Users does not get included in Data Integrity Analysis. As a result, shared content cannot (yet) be Integrity-reviewed using :Respond (since scope is specific to Account-local host operation). This will be adjusted in an upcoming release to align with support for Third Party Trust data in Disclosure Analysis).
Select Data Integrity options, choose additional Users for whom the Analysis should be performed, then select Start. This begins execution on your local host computer - for your Account (as noted above) - and as noted in the article, Using :Respond, you will observe state transitions as each phase of the Analysis executes.
Data Integrity execution requires Analysis of all protected files on your host computer. Results are securely dispatched to the cloud for comparison with expectation, generating results that indicate what has been corrupted and what has not.
Working While Analyzing
You can navigate away from the :Respond UI, perform a Refresh Login... operation, and even Exit and restart the :Foundation Client - without affecting operation so long as you wait for dialog controls to be re-enabled after Starting (i.e. don't End Process from a Task Manager, for example).
The require timeframe varies, and it is specific to the amount of content you are locally working with, the size of that content, and the speed of your host computer - among other variables.
Note that other Analysis Types permit navigation in a shorter period of time, since most other Analysis operations are carried out by KODiAC Cloud Services.
When you scope Analysis for other Users, Analysis begins during the first subsequent Login each scoped User performs. This is presented in the Startup sequence, described in the article, 1st Time Use. This requires that each User agree to execute the scheduled Analysis, else Login is denied. Future releases will modify behavior to work in the background, at a low priority, to minimize User disruption and computational impact to the host.
Controlling Execution with the Userlist
Analysis will not proceed to the Report state until all Users have performed the Analysis, making up the final required dataset. If some Users are not available, or unaware that you require them to carry out this action, you can utilize the Userlist for assistance.
During Integrity Analysis execution, though only after your initial local host Analysis completes (not above), the Userlist button on the right and above the Analysis Sets (which are disabled during Analysis) will be enabled. Click the button to gain access to the set of scoped Users and their respective progress, as shown below:
Choose any User's line-item, then Notify to dispatch an email message that notifies the User of the Analysis requirement and additional request for Refresh Login... operation. Subsequent User Login will result in a Startup prompt for Analysis execution. Similar to the initial Analysis timeframe for local host execution, the period of time required for User execution varies (in the same way and scoped to the same type of information).
This typically takes a few moments, but can take a few minutes in exceptional cases where significant amounts of data are under management (GB).
If a User is non-responsive and you wish to complete the execution without their information, you can select his/ her associated line-item in the Userlist, then click Abort. This will remove the User from the Analysis (as indicated by the subsequent Abort status), which can unblock final execution for you to see results. Note that you can always perform another Analysis operation including this User, at any time.
User Execution Failure
If execution fails for an individual User, the system attempts to perform a User Abort operation. This not only unblocks continued Data Integrity Analysis execution, but also insures Users won't be repeatedly prompted to perform Data Integrity Analysis after Login.
Working Around Stuck Users
If you encounter a condition that prohibits User Abort, contact Support. To regain immediate Analysis capability, Abort the Managing Analysis Set, then Remove it before submitting a new request (perhaps without the offending User, at least until problems are identified and addressed).
As noted in other related documentation, non-owner (Privileged) Users that are not scoped to be a part of this Analysis, also in your Organization, will not be able to perform Analysis operations until your outstanding request runs to completion. As expected, this also requires all scheduled Users to process to completion (Closed or Aborted).
Also note that, as of v6.4.0, non-owner (Privileged) Users cannot command individual Users with the Userlist. This will change in a future release to support concurrent Administrative action from a team of Privileged Users.
Remediation and Restored Version Details
When you perform a Data Integrity Analysis and choose the optional Restore Corrupted option, items found to be different than expected get renamed with a, ".old" extension, then replaced with the latest secured version from the cloud. This does not always result in the latest version of the document.
:Recover allows you to Restore the last version of a managed item - though the last version you specifically managed (created or saved). When an Organization peer or Third Party Trust makes changes after your last operation, Restore does not provide those versions - it always refers back to the last version with which you were specifically involved.
This is by design, specifically to isolate sharing peers from having interim versions exposed without their knowledge, intent, or consent. This follows the standard and typical reality of sharing unmanaged data files; if you don't specifically send someone an interim version, they won't see it (without engaging in malicious behavior). SSProtect follows this reality to minimize questions and uncertainties in how information is exposed to others.
If you have questions or concerns about this functionality, contact Support using the information at the end of this article.
Analysis Line-Item Details
On the original page (which you can reach by choosing Analysis Sets from the Userlist), you will see the resulting Analysis Set after you click Report (to complete the Analysis, as noted in related documentation). The resulting line-item includes the date/ time (UTC) the Analysis was started, the owner (an Organization Administrator, Delegate, or Individual Account, which will be your Account for these purposes), and the additional details explained below.
The Org Summary Risk column shows results when the line-item is for a Disclosure Risk analysis. Refer to the article, Using Risk Analysis, for details.
The Remediation column displays the number of analyzed items, the number found corrupted, and the number restored when the Analysis is executed with the option, Restore Corrupted as follows:
x of y/ z
x is the number of Restored items (requires Restore Corrupted and :Recover)
y is the number of items found to be corrupted, i.e. don't match cloud integrity
z is the total number of analyzed items for the Analysis scope
This information is also available on the Userlist display with each associated participant, though in a slightly different (and straightforward) format.
The Src, Scope, Ext column enumerates parameters for the given Analysis Set, described in detail in the article, Using :Respond.
You will find all related details in the final Report associated with each Analysis, available by choosing, View Report. For additional information, refer to the article, :Respond Reports.
For More Information
Refer to the references in this article, and their related content, to gain a deeper understanding of the Analysis procedure and results. For specific questions, return to the articles in this section, or contact Support with an email to firstname.lastname@example.org. For more pressing matters, use the number at the right of this column.
This article was updated w/ v6.4.0 of the :Foundation Client