Classification Processes

Classification Process Overview

A classification process defines a job consisting of a classification policy and one or more datasources. Any classification process can be run on an ad-hoc basis. If a datasource referenced by that process has not stored login information, you will be prompted to supply the necessary login parameters. If login information has been stored for all datasources used in a classification process, that process can be included as a classification task in a compliance workflow automation process, which can be run on an on-demand or scheduled basis (see Compliance Workflow Automation).

How the Classification Process Works

When a classification process runs, it should have very little impact on the database server.

To prevent overloading the server when scanning data, the classification process always samples the database, never reading more than 1,000 rows. It scans sets of 50 consecutive rows returned by the database server, beginning with the first row. The second set of 50 begins with the 1000th row. Thereafter, it skips ahead by powers of two, such that the following blocks of 50 begin at 2K, 4K, 8K, 16K, 32K, and so forth. During this process, if any query takes longer than 10 seconds, the skip interval is multiplied by 10, so if the current sequence is 640K, the next will be 6.4M, and so forth (until 1,000 rows have been sampled or there are no more rows in the table). If the row limit on the Search for Data rule is set higher than 1000, the same sampling technique will be used. Unless the table is quite large (greater than 262,144,000 rows), the sampling process will run out of rows before the maximum row limit is exceeded.
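The sampling schedule described above can be modelled to see which rows a rule actually evaluates. This is an added example, not product code: the function name sample_plan, the query_secs timing hook, and the reading that a slow query makes the next start row 10 times the current one (with doubling resuming afterwards) are assumptions.

```python
BLOCK_ROWS = 50       # rows read per sample block (from the text)
ROW_LIMIT = 1000      # default maximum rows sampled per table (from the text)
FIRST_SKIP = 1000     # the second block begins at the 1000th row
SLOW_SECS = 10        # a query slower than this widens the skip


def sample_plan(table_rows, row_limit=ROW_LIMIT, query_secs=None):
    """Return (block_starts, rows_sampled) for a table of table_rows rows.

    block_starts holds the 1-based first row of every block read.
    query_secs is a hypothetical callable: start row -> seconds the query took.
    Assumption: after a slow query the next start is 10x the current one
    (instead of 2x), and doubling resumes from there.
    """
    starts, sampled, start = [], 0, 1
    while sampled < row_limit and start <= table_rows:
        starts.append(start)
        remaining_in_table = table_rows - start + 1
        sampled += min(BLOCK_ROWS, remaining_in_table, row_limit - sampled)
        slow = query_secs is not None and query_secs(start) > SLOW_SECS
        if start == 1:
            start = FIRST_SKIP          # fixed first jump described in the text
        else:
            start *= 10 if slow else 2
    return starts, sampled


if __name__ == "__main__":
    for rows in (30, 1_000_000, 262_144_049):   # constructed table sizes
        starts, sampled = sample_plan(rows)
        print(f"{rows:>11} rows: {len(starts):>2} blocks, {sampled} rows sampled, "
              f"last block at row {starts[-1]}")
    # Constructed timing: the query for the block at row 64000 takes 11 seconds.
    slow = lambda s: 11 if s == 64_000 else 1
    print(sample_plan(1_000_000, query_secs=slow)[0])
```

In this model the 20th block starts at row 262,144,000, which is where the table-size figure in the text comes from. A 1,000,000-row table yields 11 blocks and 550 sampled rows, so a rule is evaluated against those rows only.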

The Classifier also throttles itself to periodically idle so that it does not overwhelm the database server with requests.

If any one query takes longer than 12 minutes, the query will be cancelled, a message logged, and no more data will be sampled for that table. If any rows were acquired while sampling, they will be used to evaluate the rule for that table. This usually only happens on servers that are experiencing performance problems in general.

If, for some reason, an operation on the Processor takes over approximately 30 minutes, the entire process will be halted, a message will be logged with the process statistics, and the next Classification Process will be started.

In general, if there are many rules that are sampling data, the load on the database server should remain constant, but the process may take additional time to run.

Create a Classification Process

  1. Do one of the following to open the Classification Process Finder:

  2. Click New to open the Define Classification Process panel.

  3. Enter a name for the process in the Process Description box.

  4. Select a Classification Policy from the list.

  5. Click the Add Datasource button to add one or more datasources. See Datasources in the Common Tools book for information about using and defining datasources.

  6. Click the Save button. This completes the definition of the classification process.

  7. Optionally add comments to the definition. See Comments.

  8. Optionally add security roles. See Security Roles.

  9. Optionally submit the classification process for execution. See Run a Classification Process, below.

  10. Click the Done button when you are finished.

Run a Classification Process

There are two ways to run a classification process:

  1. Do one of the following to open the Classification Process Finder:

  2. Select the process to run, and click Modify to open the Classification Process Builder.

  3. Click the Run Once Now button to submit the job. This places the process on the Classifier/Assessment Job Queue, from which the appliance runs a single job at a time. Administrators can view the job status by selecting Guardium Monitor > Cls/Asmt Job Queue. See View the Classifier/Assessment Job Queue, below.

  4. Click the Done button when you are finished.

View Classification Results

  1. Do one of the following to open the Classification Process Finder:

  2. Select the process that created the results to be viewed, and click Modify to open the Classification Process Builder.

  3. Click the View Results button. The results will open in a separate window.

  4. On any row of the Process Run Log, click (details) to display more information.

  5. Click Close this window when you are done viewing the results.

View the Classifier/Assessment Job Queue

The Classifier/Assessment Job Queue is available from the administrator portal only.

To view the report, select Guardium Monitor > Cls/Asmt Job Queue to open the Classifier/Assessment Job Queue panel.