
Spirion (Identity Finder) - Taking Action on the Scan Results

This document discusses general considerations when evaluating the results of scans. More detailed information can be found in the Spirion Help documentation in the Protecting Personal Information topic. The steps were documented with the Windows client of Spirion version 11.7.1 and have been verified through Spirion 12.6. The user interface may look slightly different depending on the Spirion version.

Note: All data shown is false.

Viewing Scan Results
When Spirion finishes a scan, the user is returned to the Main window.

Toolbar in the Spirion client. This document focuses on the largest group of options, called Actions, that can be taken on a file.

The main window has two sections. The left section is the results pane and the right section is the preview pane.

The results pane shows found matches, their location, and other attributes for each place where possible data matches (e.g. SSN and CCN) were found.

If more than one match was found within a file, all matches can be displayed by clicking the icon next to the location name.

The preview pane highlights sensitive information within the context of the file. This allows you to check the found match and decide whether it is sensitive information that must be secured or a false positive, e.g. a 9-digit number in the same format as an SSN (which is not sensitive information).
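The false-positive check described above can be partly pre-sorted before opening each match in the preview pane. The following is an added example, not Spirion code and not how Spirion decides what a match is: it applies the published SSN structure rules and the Luhn checksum to a list of matches. The function names and the sample values are constructed for illustration. A value that passes is only plausible and still needs review in context; a value that fails cannot be a valid SSN or card number.

```python
import re

# Constructed sample matches; none of these values is real data.
SAMPLE_MATCHES = [
    ("SSN", "123-45-6789"),          # passes the structure rules
    ("SSN", "000-12-3456"),          # area 000 is never issued
    ("SSN", "912-34-5678"),          # areas 900-999 are never issued
    ("SSN", "123-00-4567"),          # group 00 is never issued
    ("CCN", "4111 1111 1111 1111"),  # passes the Luhn checksum
    ("CCN", "4111 1111 1111 1112"),  # fails the Luhn checksum
]

def _digits(value):
    """Strip the spaces and dashes commonly used as separators."""
    return re.sub(r"[\s-]", "", value)

def ssn_is_plausible(value):
    """True if the value obeys the SSN area/group/serial rules."""
    d = _digits(value)
    if not re.fullmatch(r"\d{9}", d):
        return False
    area, group, serial = d[:3], d[3:5], d[5:]
    if area in ("000", "666") or area >= "900":
        return False
    return group != "00" and serial != "0000"

def ccn_is_plausible(value):
    """True if the value is 13-19 digits and passes the Luhn checksum."""
    d = _digits(value)
    if not re.fullmatch(r"\d{13,19}", d):
        return False
    total = 0
    for i, ch in enumerate(reversed(d)):
        n = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            n = n * 2 - 9 if n * 2 > 9 else n * 2
        total += n
    return total % 10 == 0

def triage(matches):
    """Label each (type, value) pair for the human reviewer."""
    checks = {"SSN": ssn_is_plausible, "CCN": ccn_is_plausible}
    return [(kind, value,
             "review in context" if checks[kind](value) else "likely false positive")
            for kind, value in matches]

if __name__ == "__main__":
    for row in triage(SAMPLE_MATCHES):
        print(*row, sep="\t")
```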

Taking Action on Scan Results

Across the top of the Main Spirion Window are buttons that correspond to actions you can take on found matches highlighted in the results pane.

An action can be taken on a single file or on a group of files. Multiple files can be selected by checking the box next to each file you wish to perform actions on. If an action cannot be performed on the currently selected file, it will be grayed out.

If a file has sensitive information in it and you are sure you do not need the file, use the Shred feature. Unlike a normal delete, Shred wipes the data from the disk, byte by byte, so that it can never be recovered either by you or by an adversary.

Encrypt (not recommended):
This option encrypts the file containing the match. The risk is that there is no password recovery feature available, so if the password is lost, the data cannot be recovered.

Quarantine (not recommended):
When a file has sensitive information and you wish to move it to a secure location, the Quarantine feature is an option. Quarantine moves the file and shreds the original so that the data cannot be accessed by someone who gains access to your computer. It is important for the quarantine location to be highly secure, such as an encrypted hard drive or a location that unauthorized individuals do not have access to. This is an API (Application Programming Interface) feature that depends on the local computer's operating system in order to work. Unless you are familiar with how quarantine works in your operating system, it is best not to use it.

This option allows you to classify the match. Classifications allow you to track the severity of the match, ranging from Low to Confidential.

This feature will overwrite sensitive data, such as Social Security Numbers, with X or some other placeholder character you choose, but leaves other data in the file unchanged. This is often appropriate with older records that included SSNs unnecessarily. Like Shred, this is an irreversible step. Use with caution.

If the file does not contain sensitive information (a false positive) or it is sample data, you can choose to ignore the results. This will add the file to the Ignore List. The file will not be scanned in subsequent scans and it will not show up in the results list.

Keywords: idf pii identity finder data discovery mac macintosh scan
Doc ID: 14443
Owner: Julie J.
Group: Cybersecurity
Created: 2010-06-09 19:00:00
Updated: 2023-12-08 15:58:57
Sites: DoIT Help Desk, Office of Cybersecurity