cancel
Showing results for 
Search instead for 
Did you mean: 

Meta Data and regular expression seach in DA

Jim_Hellewell
Level 4
Partner

Hi ,

I have EV 10.0.4 deployed, and have Journal archiving enabled (Exchange 2010). On top of that I have Discovery Accelerator 10 installed.

My question is around search, in partiular, can it do the types of searches that are listed below:-

1) Document Metadata searches:

So if you right click on a word document, and select the Details tab, would a DA search find any of the information there ?

DA1.PNG

 

2) Regular expressions search

Can searching use regular expressions, so for instance can I search for National Insurance numbers, which are in the following format:- <letter><letter><number1><number2><number3><number4><numbe5r><>number6<letter>, such as AB123456P

I don't need to find a particular NI number, but would like to find ALL occurances of NI numbers, ie any occurance of <letter><letter><number1><number2><number3><number4><numbe5r><>number6<letter>  ?

In the same way as that I would want to check for credit card numbers, which is a something like 4 sets of 4 numbers

Any help would be appreciated

 

regards

Jim

 

 

 

3 REPLIES 3

RahulG
Level 6
Employee

1. you may refer the following document 

http://www.symantec.com/business/support/index?page=content&id=HOWTO100395

2. refer https://www-secure.symantec.com/connect/articles/custom-filtering-enterprise-vault

EV_Ajay
Level 6
Employee Accredited

Hi Jim,

You can use DA search string in following ways.

We require atleast first 3 charact of word or letter to find out.

You can use * for number of character after first 3 character.

E.g.  fai*   (fail, failed, fail )

You can use ? for one character

E.g. credit card  means 967?-????-???3 something like this.

Let me know if you have any question.

 

Kenneth_Adams
Level 6
Employee Accredited Certified

Hello, Jim;

I see you've not updated this post in a while, so I'd like to add a little more details to the information provided by RahulG and EV_Ajay.

RahulG pointed you to our configuring effective searches document, which contains a wealth of information on how to configure DA searches and EV_Ajay provided a bit more details into how to do some of the search formatting.

What information is missing from both answers is that DA cannot do the specific types of searches that you want at this time.  The EV Search feature in EV 11.0 can do this, but DA cannot as DA does not have the capability of specifying what range of characters can go into each position of a query string.  For example, your desired query for NI numbers would need a query that would be something like

[A-Z][A-Z][0-9][0-9][0-9][0-9][0-9][0-9][A-Z]

This format is not possible in DA at this time (any version) but is available in EV 11.0's EV Search feature.

As EV_Ajay noted, you would need 3 leading characters for the NI or credit card searches unless you were on EV and DA 10.0.4CHF3 where you don't need leading characters.  The formatting of those searches would make for some very complex search criteria as any use of wild card characters (i.e., the '*' for any number of characters and the '?' for a single character) causes the search criteria that is passed to the search engine to be complicated.  Also, a credit card search would need different formatting based on how the card numbers are entered (i.e., ???? ???? ???? ???? for VISA or ???? ?????? ????? for AMEX).  Fortunately, you can limit the number of entries if you need to include the 3 leading characters as you would not necessarily need to start at 100? 100? 100? 100? and end at 999? 999? 999? 999?.  For such a search, you can specify the beginning range for the different card types (i.e., AMEX, VISA, MasterCard, Discover Card, etc).

Here is a bit of a sales pitch that may contain some useful information.  Our Data Classification Service (DCS) add-on to Symantec's Data Loss Prevention (DLP) system can provide policy tagging for messages that have credit card numbers.  There is a built-in policy that can be activated to place a specific policy tag or retention category on messages with credit card numbers in any format from any credit card vendor.  A DA search could then be configured to find messages with the policy tag or retention category so that you would not have to format any search criteria to find credit card numbers within messages.

I hope this information helps.  Please let us know if you need anything more for your inquiry above.