About Data Control Search
Applies To: WatchGuard Data Control
With WatchGuard Data Control, you can search the content of files with and without PII. The index stores the content of each file in a standard format. To search for files with specific PII content or any other sensitive content, the target computers much have:
- Data Control license assigned.
- Data Control settings profile assigned with the Allow Data Searches on Computers option enabled. For more information, see Data Control Settings.
For information on how to create a search, see Search Files with Data Control.
For information on how to change the accuracy of searches, see Configure Advanced Indexing in Data Control.
Search Limits
Data Control searches have these limits:
- The maximum number of simultaneous searches in the management UI for each user account is 10.
- The maximum number of searches saved for each user account is 30.
- The total maximum number of results for each search is 10,000 records. Data Control does not show results above this number.
- The maximum number of results for each computer is 10,000 divided by the number of computers on which the search ran. For example, if you search on a network of 100 computers, the maximum number of results shown is 10,000/100 = 100 results for each computer.
- The minimum number of results shown for each computer, regardless of the number of computers on the network, is 10.
- The maximum number of computers on which searches can run simultaneously is 50. If the total number of computers in the search is more than 50, Data Control queues additional searches until the searches in progress complete.
Search Result Normalization
Data Control applies a number of rules to homogenize indexed data. Searches you run are performed on the normalized data. Normalization removes all unnecessary characters. These rules can affect the results shown in the dashboard.
String Conversion to Lowercase Letters
Before Data Control stores a string in the database, it converts it to lowercase letters.
Special Characters
Data Control detects these special characters as separators between words.
- Carriage return: \r
- Line break: \n
- Tab key: \t
- Characters: " : ; ! ? - + _ * = ( ) [ ] { } , . | % \ / ’
Data Control removes these characters from indices unless they are part of a data type. For example “WatchGuard.Data(Control” is stored as three separate words without the punctuation: “watchguard”, “data” and “control”.
Normalization of PII Data Types
The normalization of PII data types follows different rules. For more information, see Data Control Search Syntax.
Data Type | Separating Characters |
---|---|
Bank account numbers Credit card numbers Personal ID numbers Phone numbers Driver’s license numbers Passport numbers Social security numbers | Separating characters are removed. The data type is stored in the index as a single set.
|
IP addresses Email addresses | Separating characters are respected. The data type is stored in the index as a single set. |
First and last names Postal addresses | Separating characters are used as separators. The data type is stored in the index as multiple items. |
Normalization Examples for PII Data Types
- “1.42.67.116-C” is stored as IDCARD “14267116C”.
- “192.168.1.1” is stored as IP “192.168.1.1”.
- “Acme Company 51st Floor” is stored as “acme”, “company”, “floor” when the indexing method is Index Text only or as “acme”, “company”, “5”, “1”, “floor” when the indexing method is Index all Content. For more information, see Configure Advanced Indexing in Data Control.
Best Practices for Search Normalization
Consider these recommendations to make sure that your searches are compatible with the search normalization process:
- Use lowercase letters.
- To search for bank account numbers, credit card numbers, personal ID numbers, social security numbers, passport numbers, or driver’s license numbers, do not use separator characters, such as hyphens.
- To search for IP addresses and email addresses, enter them in full, including periods and @ characters, if applicable.
- To search for phone numbers, remove any separator characters. Enter the country code, if necessary, without the + character.
- To find postal addresses, do not use the numbers.
We recommend that you review the configured settings for the type of content to index, as well as the list of excluded files. These settings affect the number of search results.
Search Files with Data Control
Manage Searches in Data Control