It may be desirable to schedule a search from the DLP Console to run only on specific endpoints that have not been searched for a specified number of days. To accomplish this, a Filter Tag is used to aggregate the desired endpoints, and a search can then be executed immediately or via a Scheduled Task policy, as described below.
For additional information on tags and tasks, please refer to these articles:
Create a Filter Tag
To aggregate all of the endpoints that have not been searched within the specified number of days, create a Filter Tag and define the appropriate filter. Once this filter is defined, searches can be executed on all of the endpoints within the tag.
- Select Create Tag and set the Type to Filter.
- Define the filter by selecting the column Search Date/Time, the operation Older Than X Days, and then adding the desired value - in this example, 30 days.
- Click OK to save the tag.
Schedule the Search
After defining the tag, a search can be executed immediately by right-clicking on the tag and selecting Search->Initiate Search. To perform the search at a future time, create a Scheduled Task policy by performing the following steps:
- Create a new Policy and set the Policy Type to Scheduled Task.
- On the Schedule tab, click Add in the ribbon, define the desired schedule for the task, and click OK.
- On the Endpoints tab, select the created Filter Tag by checking its corresponding checkbox.
- Optionally configure additional settings and click Finish to complete the process.
The search will now execute on each endpoint in the tag when the time(s) specified in the schedule occur.