ActiveNav Cloud's Target Search service allows you to search your data estate for known personal identifiers such as phone number, email address, or credit card. Users with the Search User role can access the Target Search screen to view existing search requests, create new requests, download completed request results, and delete requests.
Creating a Search Request
The Add Request button will present a search definition screen. There are two descriptor fields, Request Name and Search Reference that are used to identify requests and results. You can use the request name to identify the request internally within ActiveNav Cloud and the search reference to refer to an external tool or process. 
To add search terms to the request, use the Add Field drop down to select an identifier from the list of configured identifiers. A new search term field will be displayed. The field name defaults to the identifier type followed by a number (e.g. Email Address0). You can edit the field name by clicking on the name or the pencil icon. Add the search term for that field in the text box that appears below the new field name. Below is a table describing the search request pictured above.
|
Identifier Pattern and keyword identification rules configured for Target Search. |
Field Name Text used to describe the search term in the request results. |
Search Term The text to match against the selected identifier. |
| Email Address | Work Email | archer.j@prestteam.com |
| Email Address | Personal Email | JamJam2400@freemail.ti |
| Employee ID | EmpID | PTE-571 |
|
USA Social Security Number
|
SSN | 416-76-6730 |
The first field on the form is marked by default as not Required. You can ensure that all records returned by Target Search are responsive to the term by checking the box.
NOTE: Once the request is submitted, the search terms will no longer be available. The request results will use the field name to identify search term hits. Be sure to choose a descriptive name for the field.
NOTE: Date values are treated a bit differently than those for other identifier types. Dates can be written so that they are ambiguous. For example, 1/6/1968 can be interpreted as January 6th, 1968 or June 1st, 1968.
When extracting dates from objects, if Target Search determines a date is ambiguous, it will mark both dates as found in the object. When adding a date field to a search request, selecting the Date Field control changes the display to an unambiguous date and the input control to a date picker.
When the search is performed, Target Search will return objects that include either possible date value.
When you have added all the search terms for your request, the Save and Close button will submit the request to the Target Search service. Your request will appear in the list of requests with its Status set to Scheduled. When the service begins searching for responsive objects, the Status of your request will be set to In Progress. When the service has finished searching, the request's Status will be set to Completed. Now, you can select your request and use the Actions menu to export the results or delete the request.
NOTE: Once your request is Completed, the results will be available for 14 days. After 14 days, the request and the results will be deleted. Target Search will send a notification email message three days before your request expires.
Search Request Results
The results of your request are delivered in a CSV file stored in a ZIP archive. The Request Name and Search Reference fields are included in the file names. If there are more than one million objects in your results, they are split across additional files.
Within the CSV, the columns include basic information about the returned objects:
| Column Name | Description |
| Path | The path to the responsive object - including the file name and extension. |
| Name | The file name of the responsive object. |
| Extension | The file extension of the responsive object. |
| Object Type | The object type. |
| Hierarchy Level | The folder level of the object in the container hierarchy. |
| Size | The size of the object in bytes. |
| Date Created UTC | The created date and time of the object. |
| Date Modified UTC | The last modified date and time of the object. |
| Date Last Accessed UTC | The last accessed date and time of the object. |
| Repository Type | The type of repository where the object was found. |
| Host | The name of the host where the object was found. |
The remaining columns are named after field names entered in the Target Search request form. From the example above, the columns would be Work Email, Personal Email, EmpID, and SSN. For each object in the report, there will be a one (1) or a zero (0) entered for each of the search terms. If Target Search located at least one instance of the search term in the object, the value for that column will be one (1). If the value for the column is zero (0), Target Search found no instances of that search term in the object.
|
Path |
Name |
Extension |
Work Email |
Personal Email |
EmpID |
SSN |
|
Jamari-Archer-PTE-571-i-9-record |
|
0 |
0 |
1 |
1 |
|
|
stafflist |
Csv |
1 |
1 |
1 |
0 |
Deleting Results
Manual Deletion
A user can manually delete one or more requests from the list by selecting the targets and choosing the Actions > Delete command. A confirmation screen will warn the user that this action cannot be undone.
Clicking the Confirm button will remove the Target Search results from the list.
Automatic Deletion
Target Search sets a request expiry for two weeks after the request is completed. Target Search will send an email reminder three days before a request expires.
Architecture & Configuration
On-premises Collectors
It's best to update your on-premises collectors to the latest versions. The minimum version required for Target Search is 1.10.97. You can check your installed versions on the Discovery > Collectors page. The latest versions for Windows File Share and iManage Work can be downloaded from he same page. The Cloud Collectors are always up-to-date.
Discovery
When a Data Source is configured to perform Feature Extraction, collectors will look for identifiers in object content. The presence of identifiers is used to drive the objects score. If a found identifier is marked as searchable in the Feature Extraction rules, the collector will send indicators to the Target Search index.
Target Search Index
The collectors send indicators to Target Search. They are composed of the object's path and metadata (size, dates, etc) plus a hash of the identifier name and identifier value. This means that Target Search never records the identifier name or value in its index.
When a Search User performs a search, the Add Request form performs the same hash function with the identifier names and identifier values. The Target Search service then searches the index for objects that have the same hash value and returns the results as a CSV in a ZIP archive.
Identifiers
ActiveNav Cloud is delivered with a default set of common identifiers for use with Target Search. Some of the more common identifiers are credit card number, driver's license, phone number, passport number and national identifiers (e.g. United States Social Security Number). A complete list of out of the box search enabled identifiers is available here.
This list can be extended to include identifiers that are important to your business. For example: employee id, customer account number, project code. If your organization requires additions or modifications to the list of searchable identifiers, ActiveNav Support can assist in making the changes.
NOTE: Your Data Sources must be refreshed before the Target Search index is updated. Data Sources can be configured for automatic refresh on a schedule. Alternatively, you can initiate a refresh on your inventory from the Data Sources page by selecting Data Sources and using the Actions > Refresh All command.