Data Source Path Exclusions

For some repositories, it may be desirable to exclude certain directories from being scanned during a discovery or feature extraction. For example, containers that contain operating system snapshots. These large files are unlikely to contain sensitive data and so scanning them may be deemed unnecessary. 

To support this, data source path exclusions can be defined and uploaded to ActiveNav Cloud. Using a combination of repository types and container names, discovery times can be reduced by excluding low risk containers.

Rule Properties

Exclusion rules are uploaded to ActiveNav Cloud using a JSON format, similar to this:

[
  {
    "RuleName": "My Rule Name",
    "RepositoryType": "WindowsFileShare",
    "ContainerNames": ["folder1", "folder2"],
    "CaseSensitive": true
  }
]

Each rule should contain the four mandatory properties:

• RuleName - a friendly name for the rule, when a container fails this rule this name will be used in the error message. Each rule name should be a unique value.
• RepositoryType - the target Repository for this rule. See below for a list of supported values.
• ContainerNames - a list of container names to look for, if matched the container in question will be excluded. Containers should be added into an array as shown in the example. Please note, only exact matches are supported; wildcards or regular expressions will not be understood.
• CaseSensitive - whether the list of Container Names should be applied in a case sensitive manner. Valid values for this property are true or false.

The rule exclusion file supports multiple objects and so rules for different repositories can be uploaded in one go. A multi-repository type JSON file would look similar to this:

[
  {
    "RuleName": "Common WFS Exclusions",
    "RepositoryType": "WindowsFileShare",
    "ContainerNames": ["folder1", "folder2", "folder3"],
    "CaseSensitive": true
  },
  {
    "RuleName": "Common Exchange Exclusions",
    "RepositoryType": "ExchangeOnline",
    "ContainerNames": ["folder1"],
    "CaseSensitive": true
  },
  {
    "RuleName": "Common OneDrive Exclusions",
    "RepositoryType": "OneDrive",
    "ContainerNames": ["folder1", "folder2"],
    "CaseSensitive": true
  }
]

The supported values for RepositoryType are:

It is recommended that JSON files are run through a formatter before attempting to upload to ActiveNav Cloud to highlight potential syntax errors. There are various formatters available online, or they can be verified on desktop applications such as VS Code or Notepad++ with the appropriate plug-in.

Importing Exclusion Rules

The JSON file can be uploaded to ActiveNav Cloud by navigating to System > Settings > Path Exclusion. Click the Upload JSON button, then select your rules file. ANC will validate the JSON within the rules file and if the content is correct, you will receive an Upload successful message.

Once an exclusion ruleset has been uploaded, subsequent discoveries, feature extractions and refreshes will have any applicable exclusions applied. Existing discoveries and feature extractions will be unaffected.

Audit Log

When a discovery or feature extraction has completed, and one of the containers within the data source has been excluded, an entry for each excluded container will be added to the discovery's audit log.

These will not show as warnings against the data source.

To see the exclusion rules currently applied to your ActiveNav Cloud tenant, click Export JSON. Your tenant's active exclusion rule dataset will be downloaded to your computer as a JSON file.

Updating and Resetting Rules

To update the current ruleset, amend the existing JSON to include new rules or remove those that are no longer applicable. Uploading a new JSON file will overwrite the original.

Should exclusion rules no longer be required, they can be reset by uploading a JSON file containing an empty array. The contents of this would simply be:

[]