Skip to main content
Skyhigh Security

Create an IDM (Enhanced) Fingerprint

Create an Unstructured Data Fingerprint for files in one or more folders. These fingerprints are evaluated per DLP policy to match against sensitive content in the cloud.

  1. Go to Policy > DLP Policies > Fingerprints.
  2. Go to Create Fingerprint > Unstructured Fingerprint and select the type of fingerprint you wish to create:

NOTE: Only one Enhanced Fingerprint can be created, and the option is disabled when one already exists.

Create Fingerprint (Legacy)

You can only use Legacy Fingerprints with Skyhigh CASB.

  1. Go to Policy > DLP Policies > Fingerprints.
  2. On the Fingerprints page, go to Create Fingerprint > Unstructured Fingerprint > Create Fingerprint.
  3. On the Create an Unstructured Fingerprint page, configure the following:
    clipboard_e028a71fe1d98842087cdd8cf4a2ff4e5.png
  1. Fingerprint Name. Enter a name for the Unstructured Fingerprint.
  2. Location to scan. Enter the path to the computer that holds the files you want to fingerprint. Click + to add more paths, if necessary. For example:
  3. Location to store generated hashes. Enter the path to the folder where your locally generated hashed files are stored. Space allocated for this should be about 10–20% of the size of input paths/folders. For example:
  4. File type exclusions. Enter any file types to be excluded. (Archive files such as ZIP files are automatically excluded.)
  1. Click Save

Create Enhanced Unstructured Fingerprint

Create an Unstructured Data Fingerprint for files in one or more folders. These fingerprints are evaluated per DLP policy to match against sensitive content in the cloud.

  1. Go to Policy > DLP Policies > Fingerprints.
  2. On the Fingerprints page, go to Create Fingerprint > Unstructured Fingerprint > Create Enhanced Fingerprint.
  3. The Create an Enhanced Unstructured Fingerprint page provides the following tabs:
  4. Fingerprint Name. Enter a name for the Enhanced Fingerprint
  5. Under the Configure Fingerprint tab, configure the following information:
    1. Location to scan. Enter the path of your system where you want to store the fingerprint files. Click + to add more paths, if necessary. For example:
      • Unix. file:///etc/folderB
      • Unix. /etc/folderB
      • Unix. file:///etc/folderA/file.txt
      • Unix. /etc/folderA/file.txt
      • Windows. file:///c:/folderB/file.doc
      • Windows. c:\folderB\file.doc
      • Windows. file:///c:/folderC/folderA
      • Windows. c:\folderC\folderA
      • Windows. \\Server1\Share\folderB
    2. Classification. You can define classification criteria for the document or file you want to fingerprint. Select the classifications you want to assign to your fingerprints from the Select Classifications cloud card.
      clipboard_eb652cc5ebb42b7a926213fd72fd0bf7d.png
  1. Location to store generated hashes. Enter the path to the folder where your locally generated hashed files are stored. Space allocated for this should be about 10–20% of the size of input paths/folders. For example:
    • Unix. file:///etc/folderB
    • Unix. /etc/folderB
    • Windows. file:///c:/folderC/folderA
    • Windows. c:\folderC\folderA
    • Windows. \\Server1\Share\folderB
  2. File type exclusions. Enter any file types to be excluded. (Archive files such as ZIP files are not automatically excluded.)
  1. Under the Ignored Text tab, configure the text to ignore when processing file content, such as boilerplate, legal disclaimers, and copyright information.
    • Ignored text path located here. Enter the path to the file that includes the Ignored Text to skip during the file processing. 
      clipboard_e3b55ba2d0eac520d8e5c96e281f92d8e.png

For both Legacy and Enhanced Fingerprint, the new Unstructured Fingerprint is created and appears on the Fingerprint page. You must now generate an index of the fingerprint to use it in a DLP Policy. 

Generate an Index

After you have created your fingerprint for the first time, generate the index. Or generate a new index when new files have been added to the host computer. 

  1. Choose Policy > DLP Policies > Fingerprints
  2. Find the fingerprint you want to generate an index for. 
  3. In the Actions column, click Generate Index

This triggers index generation by the on-prem DLP Integrator, but you can cancel the generation anytime. 

Indexes are present until the fingerprint is deleted

 

  • Was this article helpful?