Evaluating Identity Finder Results in Mac OSX

  1. You will receive an email from the Identity Finder Enterprise Console with the results of the PSI scan on your computer.  This document is to give you an example of how to evaluate the results from the report.  If you are trying to evaluate the results of a scan that was not initiated by the management console, but instead run by yourself see our other documentation on evaluating scan results from the Mac client.

    Evaluating Scan Results Using the Identity Finder Client on Mac

    Image of Identity Finder Results Email in an Inbox

  2. Open the email, control click the attachment, and select “Save As”.

    Image Showing How to Save the Attachment

  3. Browse to wherever you would like to save the file, name the file, and click “Save”.

    Image Showing How to Name and Save the Identity Finder Results

  4. Browse to where you saved your file and open it by double clicking it.

    Image Showing How to Open the Identity Finder Results

  5. Your document will look something like this when you first open it. Feel free to resize the columns.

    Image Showing the Contents of the Identity Finder Results File

  6. These are the columns you are mainly interested in.

    Image Showing the Contents of the Identity Finder Results File With Emphasis on the Columns

  7. The “Owner” column lists the owners of each document that has been flagged as possibly containing sensitive information.
  8. The “Identity Type” column lists the type of information the scan believes it has found.
  9. The “Identity Match” column lists the whole or partial data of the sensitive information it believes it found in a file. (Ex. It may list a full social security number or just a partial number.)
  10. The “Match Quantity” column lists how many times the information in question was found in the file.
  11. The “Location” column lists the location of the file on the computer.
  12. The “Location Type” column lists the type of document containing the information.
  13. You will now look through all of the results to determine if the information found is truly PSI as defined by the IT Policy or if it is just a false positive.
  14. Start by control clicking the “Location” cell of the first result and selecting “Copy”.

    Image Showing how to Copy a Cell From the Results File

  15. Next you should open a Finder window. Do this by clicking the Finder icon on the bottom bar.

    Image Showing How to Open a Finder Window

  16. Now you will navigate to the “Go” drop down menu at the top of the screen and select “Go to Folder…”

    Image Showing How to Go to the Folder Containing the File

  17. You will then control click the “Go to Folder:” field and select “Paste” to paste the data you copied from the spreadsheet.

    Image Showing How to Paste in the Location Data

  18. Then click “Go” or press your “Enter” key to navigate to the folder which contains the file in question.

    Image Showing the now Pasted Data

  19. Once you are in the folder you can double click the selected file or press the “Enter” key to open the document for investigation.

    Image Showing how to Open the File in Question

  20. Here is the now open document. You will want to look it over carefully and determine if it is PSI or if it is just a false positive.  The file in the example is to be treated as if it were PSI and not just a false positive.
  21. If you determine that you do not need this PSI on your machine you can go ahead and delete the file.
  22. Close the document using the red X in the top left corner of Excel and then open the Finder again.

    Image Showing Where to Click to Close the Document
    Image Showing How to Open a Finder Window

  23. Now command click the highlighted document you had just opened and select “Move to Trash.”

    Image Show How to Move a Document to the Trash

  24. Then command click on the “Trash” and select “Empty Trash”.  You have now securely deleted the file.

    Image Showing How to Empty the Trash

  25. Now return to your list of Identity Finder results, and repeat steps 14-19 to open the next document to be evaluated.
  26. This example is a large spreadsheet. You can tell the page is fairly large due to the small scroll bar. You do not see any PSI at first glance.

    Image Showing the Data in the File

  27. To make searching for the information in question faster, go back to your Identity Finder scan results document to copy the information in question. This is so you can enter the data into a Find Bar in order to try and find the information quickly and determine if it is PSI or a false positive. Control click and “Copy” the cell in question from the “Identity Match” column.

    Image Showing how to Copy a Cell From the Results File

  28. Now go back to the file you had opened and press the “command” and the “F” key simultaneously to open the Find Bar.

    Image Showing the Find Bar

  29. Press the “command” and the “V” key simultaneously to paste the data you obtained from the spreadsheet into the Find Window, and then click “Find Next” or press the “Enter” key.

    Image Showing How to Use the Find Window to Find Data

  30. This should then take you to the section of the document that displays the data you are interested in. As you can see in our example, this is a false positive triggered by an example of an SSN created for this demo. False positives can either be ignored or deleted.

    Image Showing the Data Located by the Find Window

  31. It should be noted that using this find technique will work in most of the large documents you come across.
 
IdentityFinderLogo
Identity Finder's Mac Documentation

Return to Top