Evaluating Identity Finder Results in Mac OSX
- You will receive an email from the Identity Finder Enterprise Console with the results
of the PSI scan on your computer. This document is to give you an example of how
to evaluate the results from the report. If you are trying to evaluate the results
of a scan that was not initiated by the management console, but instead run by yourself
see our other documentation on evaluating scan results from the Mac client.
Evaluating Scan Results Using the Identity Finder Client on Mac
- Open the email, control click the attachment, and select “Save As”.
- Browse to wherever you would like to save the file, name the file, and click “Save”.
- Browse to where you saved your file and open it by double clicking it.
- Your document will look something like this when you first open it. Feel free to resize
- These are the columns you are mainly interested in.
- The “Owner” column lists the owners of each document that has been flagged as possibly
containing sensitive information.
- The “Identity Type” column lists the type of information the scan believes it has
- The “Identity Match” column lists the whole or partial data of the sensitive information
it believes it found in a file. (Ex. It may list a full social security number or
just a partial number.)
- The “Match Quantity” column lists how many times the information in question was found
in the file.
- The “Location” column lists the location of the file on the computer.
- The “Location Type” column lists the type of document containing the information.
- You will now look through all of the results to determine if the information found
is truly PSI as defined by the IT Policy or if it is just a false positive.
- Start by control clicking the “Location” cell of the first result and selecting “Copy”.
- Next you should open a Finder window. Do this by clicking the Finder icon on the bottom
- Now you will navigate to the “Go” drop down menu at the top of the screen and select
“Go to Folder…”
- You will then control click the “Go to Folder:” field and select “Paste” to paste
the data you copied from the spreadsheet.
- Then click “Go” or press your “Enter” key to navigate to the folder which contains
the file in question.
- Once you are in the folder you can double click the selected file or press the “Enter”
key to open the document for investigation.
- Here is the now open document. You will want to look it over carefully and determine
if it is PSI or if it is just a false positive. The file in the example is to be
treated as if it were PSI and not just a false positive.
- If you determine that you do not need this PSI on your machine you can go ahead and
delete the file.
- Close the document using the red X in the top left corner of Excel and then open the
- Now command click the highlighted document you had just opened and select “Move to
- Then command click on the “Trash” and select “Empty Trash”. You have now securely
deleted the file.
- Now return to your list of Identity Finder results, and repeat steps 14-19 to open the next document to be evaluated.
- This example is a large spreadsheet. You can tell the page is fairly large due to
the small scroll bar. You do not see any PSI at first glance.
- To make searching for the information in question faster, go back to your Identity
Finder scan results document to copy the information in question. This is so you can
enter the data into a Find Bar in order to try and find the information quickly and
determine if it is PSI or a false positive. Control click and “Copy” the cell in question
from the “Identity Match” column.
- Now go back to the file you had opened and press the “command” and the “F” key simultaneously
to open the Find Bar.
- Press the “command” and the “V” key simultaneously to paste the data you obtained
from the spreadsheet into the Find Window, and then click “Find Next” or press the
- This should then take you to the section of the document that displays the data you
are interested in. As you can see in our example, this is a false positive triggered
by an example of an SSN created for this demo. False positives can either be ignored
- It should be noted that using this find technique will work in most of the large documents
you come across.