Tracking Groups
On This Page
- 1 Overview
- 2 Understanding Tracking Groups
- 2.1 Priority
- 2.2 Risk Level
- 2.3 Name
- 2.4 Cost per Incident
- 2.5 Assignment Rules
- 2.6 Actions
Overview
A tracking group is a label (or category) assigned to a file when a policy runs. A policy can contain multiple tracking groups, and each tracking group includes multiple pieces of information that determine everything from the criteria a file must meet to be included in the tracking group to the actions to be taken against the file in that group. The tracking groups are the heart of the policy.
Understanding Tracking Groups
Tracking groups contain multiple pieces of information: priority, risk level, name, cost per incident, assignment rules, and actions.
Priority
DryvIQ evaluates the tracking groups in priority order--the order they are sorted within the policy. Although a file may match the rules for multiple tracking groups, it can exist in only one tracking group, so it will be assigned to the first matching group. Therefore, you should order your tracking groups from the highest risk level to the lowest risk level to ensure a file is always matched against the higher risk levels first.
Risk Level
The risk level indicates the sensitivity of the content in the file and how negatively it could impact your organization if it remains in its current state. The risk level is defined at the tracking group level, so all files within the group are classified with that risk. For example, if you create a tracking group named "Sensitive" and set the risk level to "High," any file that meets the assignment rules for the tracking group is considered high-risk and will be flagged accordingly.
Name
You assign a name to each tracking group. The name displays in all reporting for the tracking group. The group name should follow a logical labeling schema that helps identify both the tracking group and the content it is designed to track. The name is limited to 255 characters.
Cost per Incident
Each tracking group can be assigned a cost. This is the amount a file in the tracking group could cost the company in legal fees or penalties if it remains in its current state. For example, if a file contains sensitive data and is stored in a shared location (network shared drive, cloud storage platform, etc.), it could cost the company a set amount of money in fines if the company’s data were to be audited or if a security breach allowed that file to be exposed. The cost is included in the tracking group's reporting, so you can see the total cost (cost × the number of files in the tracking group).
Assignment Rules
Assignment rules are lists of entity types to run against a file. You can add multiple assignment rules to a tracking group, and each assignment rule can consist of multiple.
The list of entity types within a single assignment rule serves as an “and” condition. A file must match all listed entity types to be added to the tracking group.
Each individual assignment rule serves as an “or” condition. DryvIQ will compare each file to each assignment rule in a tracking group. If the file doesn’t match an assignment rule, DryvIQ will work through the subsequent assignment rules in priority order. As soon as the file matches an assignment rule, DryvIQ adds it to the corresponding tracking group.
If the last tracking group on a policy contains an empty, unnamed assignment rule, the system will treat this tracking group as the “catch all” group for the policy. Any items not assigned to one of the “full” tracking groups on the policy will be assigned to this tracking group. See Assignment Rules for more information.
Actions
The actions for a tracking group tell DryvIQ how to handle the files in that group. Multiple actions can be applied to the tracking group to force remediation through an approval workflow, or you can take a definitive action against the file as soon as it is assigned to the tracking group.