Manage saved searches with BlueXP classification
Suggest changes
PDFs
BlueXP classification supports saving your search queries. With a saved search, you can create custom filters to sort through frequent queries of your data Investigation page. BlueXP classification also includes predefined saved searches based on common requests.
|
In versions of BlueXP classification earlier than 1.43, saved searches were called policies. |
The Saved searches tab in the Compliance Dashboard lists all the predefined and custom saved searches available on this instance of BlueXP classification.
Saved searches also appear in the list of filters in the Investigation page.
View saved searches results in the Investigation page
To display the results for a saved search in the Investigation page, select the 
button for a specific search then select Investigate Results.
Create custom saved searches
You can create your own custom saved searches that provide results for queries specific to your organization. Results are returned for all files and directories (shares and folders) that match the search criteria.
-
In the Investigation tab, define a search by selecting the filters you want to use. See Filtering data in the Investigation page for details.
-
Once you have all the filter characteristics set to your liking, select Create saved search.
-
Name the saved search and add a description. The name must be unique.
-
Select Create Saved Search.
Once you've created the search, you can view it in the Saved searches tab.
Edit saved searches
You can modify the query criteria for a saved search (that is, the defined filters) to add or remove certain parameters.
You cannot modify default saved searches.
-
From the Saved searches page, select Edit Search for the search that you want to change.
-
Make the changes to the name and description fields. To only change the name and description fields, select Save search.
To change the filters for the saved search, select Edit query.
-
In the Investigation page, edit the query. You can add, remove, or modify filters. To complete your changes, select Save query for this search.
Delete saved searches
You can delete any custom saved search if you no longer need it. You can't delete default saved searches.
To delete a saved search, select the button for a specific search, select Delete search, then select Delete search again in the confirmation dialog.
Default searches
BlueXP classification provides the following system-defined search queries:
-
Data Subject names - High risk
Files with more than 50 data subject names
-
Email Addresses - High risk
Files with more than 50 email addresses or database columns with more than 50% of their rows containing email addresses
-
Personal data - High risk
Files with more than 20 personal data identifiers or database columns with more than 50% of their rows containing personal data identifiers
-
Private data - Stale over 7 years
Files containing personal or sensitive personal information, last modified more than 7 years ago
-
Protect - High
Files or database columns that contain a password, credit card information, IBAN number, or social security number
-
Protect - Low
Files that have not been accessed for more than 3 years
-
Protect - Medium
Files that contain files or database columns with personal data identifiers including ID numbers, tax identification numbers, drivers license numbers, medicinal IDs, or passport numbers
-
Sensitive Personal data - High risk
Files with more than 20 sensitive personal data identifiers or database columns with greater than 50% of their rows containing sensitive personal data