Skip to main content

Logo

Jeff Holden's Personal Meeting Room - Shared screen with speaker view
David Rothrock
10:19
Sounds good
Eric Egan
22:04
can it run w/o a client n the endpoint?
Eric Egan
25:21
ic, thank you
Anthony Ginger
31:14
Will that catch a mapped drive?
Michael Thompson, Spirion
35:07
It can, if you configure your searches to follow a mapped drive by drive letter or UNC path
Michael Thompson, Spirion
35:37
Out of the box, we are only locating at local data since we do not want to start hitting everyone's file servers without explicityly being told to do so
coberlin1
38:53
Would you run without an ACTION to determine for instance how many redactions might occur or is there a 'test' type option?
ferhat indi
38:55
AD has a manager attribute, so does spiron let the manager know that one of the employee has ssn numbers
Shawn Pullum
38:59
not bored, very interesting, thank you :)
Michael Thompson, Spirion
40:04
@coberlin Yes, I typically do my workflow rules just classifying the data within the Console to make sure I have a good rule set
coberlin1
41:54
If you later apply, does it require a new search or will it work from the results of the first search?
coberlin1
42:28
I can envision getting asked well how many documents are going to get redacted BEFORE I redact them...and will need to search a large amount of data
Eric Egan
42:55
Will you show what quarantine looks like form the user point of view?
Eric Egan
44:37
ty
Jasmine Robinson - SMCCCD
44:49
Is there a quick start guide with a list of recommended workflow rules based on best practices and legal requirements for california community colleges. Seems like we would probably have the same rules 80% of the time and it would be time consuming to create.
coberlin1
47:12
Just to confirm...for example, you can redact SSNs or Credit Card numbers in email messages in an on premise Exchange?
coberlin1
48:54
makes sense..thanks
Eric Egan
48:57
and 365?
Eric Egan
49:08
nice
tbwutzke
55:56
Do you guys have an in depth training course for all of this?
mtsac-ops
56:03
does the quarantine stomp on timestamps? In case an investigation needs to happen?
tbwutzke
57:23
Would love to have a hands on training (having issues setting up the web console)
ferhat indi
58:28
I was playing arround last week, SPirion is able to read screenshots, like png find out MRN, my question is OCR works on PDFs?
coberlin1
59:15
I have seen it detect handwritten SSNs on pdfs .
cschroeder
59:59
handwritten SSNs? Holy smokes! That is cool.
coberlin1
01:00:12
printed to be clear
tbwutzke
01:00:41
would love to get into that training. How do I sign up?
cschroeder
01:00:57
Can you show the timestamps? Question from mtsac-ops asking if quarantine stomps on that....
Craig Oberlin
01:08:17
Can you _search_ email archived in Dell/Qwest Archive Manager?
Craig Oberlin
01:09:15
makes sense
tbwutzke
01:09:20
Good to me
Jasmine Robinson - SMCCCD
01:09:33
Accountability, love it =)
ferhat indi
01:11:25
you shouldn't tag the e-mail archiver.you will contaminate the evidence,
Craig Oberlin
01:11:41
understood...hence the _search_
Craig Oberlin
01:12:33
Use CASE: HR doing investigations looking for keywords in email ....the search function in Dell Archive Manager is horrific.
mtsac-ops
01:14:31
is the data on the sql database encrypted?
Eric Egan
01:15:18
does it work with any helpdesk programs to make tickets?
Aaron Kay - VCCCD
01:15:38
is there any sort of SEIM intergration?
Aaron Kay - VCCCD
01:15:54
oops, SIEM
mtsac-ops
01:16:37
where does the decryption keys reside? Does this make the endpoint and central DB now highly sensitive?
Craig Oberlin
01:19:33
Is there a 'rule of thumb' for the number of Discovery Workstations needed to search xTB of data in a 'reasonable' amount of time?
Aaron Kay - VCCCD
01:21:15
So having some Discovery teams at a given worksite, reporting back to a central console, can be used to search other endpoints that don't have agents?
Eric Egan
01:22:06
how much space per workstation or server is needed?
Aaron Kay - VCCCD
01:22:59
Thats' great. Will facilitate the ability to just do discovery as a first task while getting comfortable with what kinds of issues we are raising with this product.
Eric Egan
01:24:27
where can we get them?
Eric Egan
01:24:44
:(
Craig Oberlin
01:24:57
:)
Eric Egan
01:25:24
VM specs too?
Craig Oberlin
01:25:47
someone has to do the heavy lifting
Eric Egan
01:26:08
:)
Eric Egan
01:27:42
Will this be cloud based in the future?
Michael Thompson, Spirion
01:32:05
https://support.spirion.com/hc/en-us/articles/115000019892-Creating-a-Custom-Installer-for-Windows-MSI- For the MSI builder article from our KB
Michael Thompson, Spirion
01:33:12
https://support.spirion.com/hc/en-us/articles/115000020192-Enabling-Verbose-Debug-Logging-for-the-Endpoint-Service
Eric Egan
01:34:34
This gets installed on all endpoints? or a few?
Eric Egan
01:35:29
Is there a silent option?
Eric Egan
01:36:00
ic
ferhat indi
01:37:11
where is spirionmsi builder located?
Michael Thompson, Spirion
01:37:25
at the bottom of that KB article
Michael Thompson, Spirion
01:37:38
the first one for the MSI Builder
Craig Oberlin
01:38:01
save chat option....to the right
Eric Egan
01:42:16
Portal URL?
Michael Thompson, Spirion
01:42:56
Jeff is the only person with a portal account - i believe he is going to post if he already has not already
Craig Oberlin
01:43:21
...and I presume that MAC and Linux endpoints are unsupported....
Craig Oberlin
01:43:40
....squirrel.....
Eric Egan
01:43:57
ty
ferhat indi
01:44:40
can you show us quickly how to integrate ad?
Craig Oberlin
01:45:28
...and Dell/Quest Archive Manager ? Is it searchable?
Paul Blair
01:49:19
Does/Can the IIS component play well with existing IIS web apps - or can you choose which website to install the IIS component on? We have a server that runs both SCCM and WSUS and it would be nice to install this on that server.
Eric Egan
01:55:54
What will the user see when their file is quarantine? What options are there to notify them?
Frank Ramos - Spirion
02:04:16
@eric. you can leave behind a tag(txt) file like I showed, with some text telling them what has happened.
Eric Egan
02:05:26
ok, ty
Eric Egan
02:05:35
Are the Discovery Servers stand alone or just added to servers that already have a purpose? What’s the load?
Craig Oberlin
02:11:53
Dell/Quest Archive Manager ?
Eric Egan
02:11:55
ty
Eric Egan
02:12:53
how many endpoints per team?
Michael Thompson, Spirion
02:13:01
start with 4
Eric Egan
02:13:19
ty
Craig Oberlin
02:13:42
ok, thanks
Craig Oberlin
02:15:17
Thank you both.....and thanks Jeff
Eric Egan
02:15:19
video of this?
Eric Egan
02:15:28
ty
Brandon Jones
02:15:48
Thank you, thanks Jeff!
Shawn Pullum
02:16:03
Thanks everyone!