Veritas Data Insight Release Notes
- Overview of this release
- Software limitations
- Known issues
- Inactive Data by Owner report
- Installcli
- SharePoint
- Documentum
- OneDrive, SPOnline and Azure devices
- Isilon
- User Impersonation
- Microsoft Purview Information Protection (MIP) Label
- Amazon S3
- Azure AD
- Keystore
- OneDrive
- Console display issues
- Domain List
- Action Status tab
- Permissions are not supported for certain data source
- Data Insight captures audit events only for document library and its child paths
- Some data sources do not honor the settings configured under Settings > Scanning and Event monitoring
- Security event not monitored for certain devices
- Certain paths cannot be uploaded using CSV file
- Audit events are not collected for site collections containing UTF-8 characters
- I18N characters in site collections are not supported
- The Scan History tab does not display throughput for certain data sources
- Audit events for OneDrive and SharePoint Online data sources take longer to get displayed on the Console
- Multi-byte characters not supported
- Toolbar error
- Incorrect status of folder displayed
- Incorrect information in Inactive Directories report
- Unwanted access events displayed
- Data Insight cannot capture the IP addresses for events on certain platforms
- Inconsistency between permissions view of Windows and Data Insight
- Error fetching data displayed
- Error in inactive users information
- SharePoint create event displayed incorrectly
- Custom attribute widget issue
- Incorrect disk space computation displayed on Workspace tab for NFS shares
- Share or site collections on disabled filers or Web applications are displayed in charts
- Error displayed while adding a VxFS filer
- Scan status incorrectly displayed on scanning dashboard
- Incorrect icon displayed in the reports wizard
- Newly added Enterprise Vault servers are not displayed in the Filer Mapping page
- Dashboard report fails, if filers and domains are not configured in Data Insight
- Social Network Map fails to render for the shares that have large number of active users
- Mismatch between permission entries displayed in Windows interface and Data Insight console
- Incorrect file size may be displayed for archived files in an EMC Celerra file server
- EVFolderPoint.xml file may be displayed in the Workspace
- Incorrect recommendation count displayed
- Permission recommendations for renamed folders may not be accurate
- Broken membership in case of local groups leads to misleading permissions
- Some filers are not auto-mapped for wrongly configured Enterprise Vault servers
- Exception is displayed while trying to archive a batch of files using the Enterprise Vault
- Domain filter does not work as expected in some cases
- DFS share mapping and its configuration is not removed when the corresponding physical share is deleted
- In Data Inventory reports, the DLP policy names are not displayed against the files
- Pipe character in share name not supported
- Display name for users appears blank
- Enabling or disabling of audits for site collections may take longer time
- Data Inventory Reports may produce incorrect output in certain cases
- Sorting by paths or custodians does not work in the Ownership Confirmation workflow creation wizard
- A workflow that is in submitted state cannot be canceled.
- The count of resources to which a custodian is assigned is displayed incorrectly.
- Custodian assignment may take a long time to complete.
- Permission remediation emails may display incorrect values for some variables
- The sort functionality does not work for NFS paths in the Self-Service portal.
- SID History displayed as parent group
- Ownership Confirmation workflow does not work for certain NFS paths
- Attempt to add/upgrade license results in showing success message regardless of validity of the license file
- Error message may appear while applying recommendations
- For Box type source, navigation back from a shared folder may fail
- Search for well-known SIDs may yield partial results
- DLP policy filter displays some obsolete policies
- Some user attributes may be unavailable as filters in User Risk dashboard
- Exact string may fail to display desired suggestion in go-to bar
- Low screen resolution clips Pagination bar, columns
- Exclusion rules for SharePoint paths are case-sensitive
- Default landing page for Storage Administrator role is incorrect
- Results of a filter remain persistent in Directory Services view
- Workspace may incorrectly indicate Box devices as inactive
- You may not be able to search for activity by users with I18N characters
- Permissions Search Report fails if attribute filters include I18N characters
- Navigating across tabs resets filters in Workspace
- Permission search report does not display nested DFS paths
- Forward slash appears in Access details paths report for Box devices
- Server notifications may reflect incorrect file count
- Remove Permissions panel in Permissions Search report may not display list of paths and trustees
- User Risk Dashboard does not display analytics attributes after upgrade
- Inclusion/Exclusion attribute queries do not work for Group custom attributes
- Unable to search for activity by users with Chinese characters
- When using a CSV file to upload paths to reports, a red cross appears for the paths
- Data Insight implicitly adds the groupType Active Directory attribute
- SharePoint paths filtered as a part of Scanner exclude rule are marked as deleted and not displayed on UI
- Active user count for Ownership Confirmation workflows not displayed on Portal UI
- Sometimes the sensitive file and other columns do not display the correct count
- Reports cannot be searched using comma separated labels
- The classification status of certain paths invariably appears to be in in-progress state
- Paths with special characters cannot be classified
- An error is reported during content scan of Box
- Files and folders do not inherit the Custodian assignment
- Discrepancy in the count of paths that failed classification
- Other Issues
- Classification
- Isilon NFS
- NFS Scan
- Netapp and Fpolicy
- Effective permission data
- OneDrive, SharePoint Online, and Box
- Veritas Information Classifier (VIC) tags
- Cloud storage license details
- Localization
- Scan History
- OneDrive proxy server settings
- SharePoint Online
- NFS user mapping
- Delete action
- Audit Logs
- Watchlist configuration
- Box and OneDrive
- winnas installation
- Group permission
- SharePoint
- SID not getting resolved for NetApp Cmode filer
- Entitlement Review reports for OneDrive devices
- Data Insight scans Shares using unexpected SmartConnect Zone
- [Box] Classification request remains in the 'in-progress' state if a file download fails
- Excel Services Viewers group is displayed as an account level group in Sharepoint Online
- License uploading results in an empty file named "upload"
- Tesseract needs to be uninstalled manually upon Data Insight uninstallation
- Inaccurate Entitlement Review report output for SharePoint Online and SharePoint On-prem devices
- Group Change Impact Analysis report does not work for SharePoint Online and SharePoint On-prem devices
- Collector process became unresponsive on rare instances
- HNAS Filer Audits
- Local users
- Scanner infinitely scans circular symlinks
- Capacity Reports are generated for all filers irrespective of RBAC configuration
- Error in displaying selected result entry
- Vfilers wrongly capture open events on folder paths as events on file paths
- Deletion of a Collector node fails even after disassociating all filers
- User with Product Administrator role unable to edit share
- Unable to restore tabs
- Scan resync does not work for certain scenarios
- Security event not monitored
- Create event not captured
- Container and directory service name limitation
- Special characters in NFS paths cause NFS scanner to fail
- Incorrect default schedule displayed
- Error in deleting report output
- Port number for LDAP directory server required
- Exclamation mark in user name not supported
- A security event does not change last modified by value for a destination folder
- The job scheduling settings require modification
- The scan history graph does not display the data as expected
- Limited support in the Entitlement Review report
- Issue with launching installer from mapped drive
- Issue with same NFS export and CIFS share name
- The scanned shares and the total scan count does not match
- Access Summary for Paths report displays all active users of a share
- Limited support for claims-based authenticated Web applications for SharePoint
- Inactive users view and report does not consider share-level permissions
- Attempt to archive a file using the Enterprise Vault fails
- Group Change Analysis report does not report loss of access if users part of built-in groups
- Filer Mapping page does not reflect the changes in the settings for the Enterprise Vault servers
- Generic device issue
- Connection to the Enterprise Vault server fails if host name is used
- Stop DataInsightFPolicy service before shutting down a Collector node
- Data Insight cannot retrieve retention categories with certain characters
- Issue with assigning NIS and LDAP users as custodians
- Disabled icon not displayed
- Issue with computing custodian for root site collection
- Size of parent folder is not updated
- Issue with pagination on Audit Logs view
- Issue with LHS filter
- mxcustodian.exe is slow in case of large number of paths
- Certain reports do not honor the global data owner policy
- Incorrect information displayed for migrated user
- Issue with workflow creation if services on Indexer are down
- Query with I18N characters may fail to generate Permissions Search Report
- Paths having double quotes are not added when using CSV method
- Issue with report output on file group selection when configuring reports
- Fixed issues
- Appendix A. Getting help
In 6.4
The following features, enhancements, or changes are now available in Data Insight 6.4.
You will be able to find Classification Details like last classified date by navigating to Workspace >> Overview.
Classification server pool support for Windows File Server.
Detailed classification request progress status to improve visibility.
Option to classify only new or modified files.
Additional feature to handle restart while classification is in progress.
Classification framework is more resilient and robust.
The Federal Information Processing Standards (FIPS) define U.S. and Canadian Government security and interoperability requirements for computer systems. The FIPS 140-2 standard specifies the security requirements for cryptographic modules. It describes the approved security functions for symmetric and asymmetric key encryption, message authentication, and hashing. For more information on the FIPS 140-2 standard and its validation program, see the National Institute of Standards and Technology (NIST) and the Communications Security Establishment Canada (CSEC) Cryptographic Module Validation Program website at: https://csrc.nist.gov/projects/cryptographic-module-validation-program
Data Insight now supports FIPS level 140-2. Administrator can choose to enable FIPS mode during installation or upgrade.
For all CIFS supported devices
Ability to set label on files based on report output or via workspace actions.
ability to natively correct non-classified and mis-classification documents for compliance and security.
Visualize updated labels on the user interface or reports in near real-time.
Data Insight now supports Kerberos Authentication to Management Server log in and Self Service portal, as a secure method of authentication.
EMC Isilon support is enhanced to provide customers with ways to map SmartConnect zone name and aliases. Customers can now choose either of the following:
Scan & audit shares of all access zones using EMC filer's IP or FQDN.
Scan & audit shares of chosen access zones using EMC filer's IP or FQDN.
Scan & audit shares of chosen access zones using preferred SmartConnect zone name and aliases.
Scan & audit shares of chosen access zones using preferred SmartConnect zone name and aliases.
Shares with same name belonging to different access zone are fully supported with this release.
Share names will include the access zone name for filers that will be added to Data Insight from this release onwards.
There will be an option to include the access zone name as part of the share name for existing filers. That can be done by modifying the filer's configuration under Setting.
For more information about upgrade implications, refer to Configuring EMC Isilon monitoring in Veritas Data Insight Administrator's guide.
Enhanced framework for better in-context help.
Data Insight is now IPv6 compliant.
New classification policies are introduced in every release expanding the compliance and privacy use-cases to newer markets. This release (4.0.0) brings in following new enhancements, policies, and patterns for automatic content classification for supported workloads.
Exact Data Match (EDM)
Unlike most classification techniques that rely on pattern matching to identify sensitive data, Exact Data Match (EDM) triggers a classification response when the actual data that needs to be protected is detected. By matching on the exact data, this reduces the rate of false positives and allows for much higher levels of accuracy in automatic classification. EDM uses a fingerprint method whereby an extract of a database or table is provided as source file in either CSV or TXT format. The table is ingested, and rules are created that indicate a match when one or more columns of a single row are detected in proximity. EDM is ideal when the identification of discrete customer data, employee data, and any other sensitive data repository maintained within a table is required.
Exact Data Match is useful to detect:
Specific data sets from a database (for example, employee records)
One or more rows in large quantities of data
Multiple field combinations
Exact Data Match provides the following benefits:
Provides the ability to detect specific data sets from a database. For example, employee records.
Supports matching of combinations of data. For example, matching one or more fields and optional fields as per configured proximity value.
Supports large data sets like database records.
Provides data protection by hashing of stored data.
Supports text in all languages.
EDM can be enabled or disabled from YAML.
Following VIC policies have been added:
Malaysia Personal Data Policy
Malaysia Sensitive Data Policy
Colombia Personal Data Policy
Colombia Sensitive Data Policy
Vietnam Personal Data Policy
Vietnam Sensitive Data Policy
Offensive Language Policy
Bribery Policy
Attorney Client Privileged Policy
Compensation Communication Policy
Support to following policies for classification of medical conditions/diseases/diagnoses based on signs and/or symptoms:
Medical Diagnosis - Pancreatic Cancer Policy
Medical Diagnosis - Pneumonia Policy
Medical Diagnosis - Pregnancy Policy
Medical Diagnosis - Prostate Cancer Policy
The following existing transparent policies are updated:
Customer Complaints Policy
High Risk Securities - Complete List Policy
High Risk Securities - Large CAP Policy
High Risk Securities - Mid CAP Policy
High Risk Securities - Small CAP Policy
High Risk Securities - Other Policy
Transparent Patterns
Transparent patterns are new built-in patterns that provide users visibility into the internal logic of the pattern. With this, users have better control and defensibility over pattern matching criteria .Users can copy the existing transparent patterns and modify them for customer-specific logic. This also allows users to create custom policies using Transparent Patterns and when Veritas updates the underlying transparent patterns, their customized policies will be automatically updated as well. The following transparent patterns are introduced:
Customer Complaints
Customer Complaints Keywords (sentiment)
Financial Distress
Financial Securities Transaction
High Risk Securities - Company Names
High Risk Securities - Company Names Large CAP
High Risk Securities - Company Names Mid CAP
High Risk Securities - Company Names Other
High Risk Securities - Company Names Small CAP
High Risk Securities - Company Names Very Large CAP
High Risk Securities - Tickers
High Risk Securities - Tickers Large CAP
High Risk Securities - Tickers Mid CAP
High Risk Securities - Tickers Small CAP
High Risk Securities - Tickers Very Large CAP
Outside Business Activities
Starts with either (FW: FWD: RE: RE FW FWD)
Subscriptions
Subscriptions (proximity)
Improved Python Source Code Detection
VIC release includes improved logic for detecting small Python source code files.
Data Insight 6.4 uses Azure application with application scope permissions for performing operations like scan, discovery, and so on. With this change, user impersonation is no longer needed.
Note:
For existing Azure AD, SharePoint Online and OneDrive sources, the Microsoft application needs to be updated to eliminate user impersonation. This is a mandatory step for authorization process. Refer to Configuring application without user impersonation for Office 365 in Veritas Data Insight 6.4 Administrator's Guide.
Data Insight will not support Red Hat Enterprise Linux 6 (RHEL6) from this release. If you are upgrading to Data Insight 6.4 from earlier version, migrate your filers to different indexers. For more information, refer to About migrating storage devices across Indexers in Veritas Data Insight Administrator's guide.
Data Insight will not support Documentum from this release.