Veritas Advanced Supervision User Guide

To create and run a search in Veritas Advanced Supervision

1. In the left navigation pane, click Departments.
2. Search for and select the department for which you want to create and run a search.

   Note:

   Veritas Advanced Supervision lists all departments. You can use the filtering options to search the required department. Options include filtering by department name, exception employees, and reviewers associated with the department.

3. In the Searches tab, click New Search.

   The New Search dialog box appears.

4. In the Search Type section, specify the relevant information in the respective fields.

   The Search Type section identifies the search and specifies when it runs.

   The options are as follows:

   Search In	Displays the name of the department.
   Search Type	Choose Immediate to create one-time search that runs immediately. Choose Scheduled to specify a period during which the search is to run. Choose Guaranteed Sample to run a search at the selected sampling time by default. If the search returns fewer results than your monitoring policy requires, Veritas Advanced Supervision adds randomly-sampled items to the review set to make up the shortfall. This feature allows you to assemble more focused review sets that are weighted towards search-specific results instead of purely randomly-sampled items.
   Enabled	Select the check box to enable scheduled searches and guaranteed sample searches. When a search is not enabled, it does not run.
   Name	Type a name for the search.
   Automatically accept search results	Select this check box to specify whether to add the search results to the review set automatically. This option is useful for verified searches that you intend to run on a regular basis. This option is enabled only if the Accept searches permission is assigned to the user who is creating the search. If you select this check box, you cannot reject the results and change the search criteria. Veritas Advanced Supervision recommends that you clear Automatically accept search results until you have tested that the search returns the expected results. A search that returns an error from any archive is not automatically accepted, regardless of this setting.
   Include items already in review	Select this check box to specify whether the search results can include the items you previously captured and added to this department's review set. This option does not apply to the items you previously included in the review sets for other departments. For an immediate search or scheduled search, you can select this box to ensure that the results include the items that may already be in review from other searches.

5. In the Sampling section, specify the relevant information in the respective fields.

   The Sampling section lets you sample the search results and add a random selection of items to the review set. Veritas Advanced Supervision does not deduplicate randomly-sampled items.

   The options are as follows:

   Sampling percentage	Specify the percentage of search results to include in the review set. You can specify fractions, as in 10.25. You cannot change the sampling percentage if the owner of the department has locked this setting in the department properties.
   Set minimum items per author	Specify the minimum number of items per author to include in the review set. If there are no items for an author in the search results, none can be included in the sample. Note: As the authors can be from outside the selected department, searches may return more results.
   Set absolute item limit	Specify an upper limit on the total number of search results to add to the review set. This option takes precedence over any values that you set in the Sampling percentage field.

6. In the Date range section, specify the relevant information in the respective fields.

   The Date range section lets you search for items according to when they were sent or received.

   The options are as follows:

   Specific date range	Specify the date and time duration to search items that were sent or received during the selected period.
   Today / Yesterday / Last 7 days / Last 14 days / Last 28 days	The date ranges are relative to when the search runs, which is today in the case of an immediate search. You may find these options useful when creating a scheduled, recurrent search that runs once every day, week, two weeks, or four weeks. For example, if the search runs once a week, select Last 7 days to limit the range to the days since the search last ran.
   Since search last ran	For a scheduled search only, lets you search the new items that have arrived since the last time you ran the search. This option is similar to options such as Today and Yesterday. However, it lets you set an explicit start date for the first run of the search. By default, this option searches from the date of the last run (or the start date for the first search) to the current day minus 1 (that is, up to yesterday).

7. In the Authors and recipients section, specify the relevant information in the respective fields.

   The Authors and recipients section targets the departments for the search and the direction of the items to search. Any departments that you have organized into partitions can only search items to and from departments in the same partition.

   The options are as follows:

   Message Route	Specify the departments you wish to search as well as the direction of the items you wish to search. Search for the items that are to or from the selected departments, and for the items that have traveled between the selected departments and other departments. You can search for the items that follow the following message route: Between "the specified department" and other searchable departments any department within the organization department outside the organization department internal AND/OR External to organization TO "the specified department" from other searchable departments any department within the organization department outside the organization department internal AND/OR External to organization FROM "the specified department" to other searchable departments any department within the organization department outside the organization department internal AND/OR External to organization
   Any of / All of	To search within department tags, select a department. To search within the To/From fields, only select the employees. You can expand the department tag to select monitored employees. If there are a large number of employees in the department, you can click the search icon in front of the department tag, which opens a new window where you can search and select monitored employees.
   Freeform email addresses / domains	This field is available for all possible message routes. Type one or more email addresses and domains. Type each address or domain on a line of its own to search for the items where the From, To, CC, or BCC fields contains any of the addresses or domains. Type all the addresses and domains on a single line to search for items in which they are all present. Place the minus sign (-) in front of an address or domain to exclude it from the search. To exclude multiple addresses or domains, type them all on a single line. Note: You can use Freeform email addresses / domains to search for email addresses associated with the user accounts but now use the discontinued domain. To search for previously monitored employees, you should use department internal AND/OR External to organization message route, and then use the Freeform email addresses / domains option to provide email addresses or domains.
   Department tree	Specify the departments and employees you want to include in the search. Click the arrows to the left of the department names to expand them and view the nested departments and exception employees. When you select a department, you do not automatically include any exception employees in the department. To search exception employees, you must select each one explicitly.

8. In the Search terms section, specify the relevant information in the respective fields.

   The Search terms section specifies the words or phrases for which Veritas Advanced Supervision should search in the subject lines of items and their bodies. By default, when you search for words in both the subject of an item and its content, Veritas Advanced Supervision finds those items that meet one or both criteria. However, it is possible to set up Veritas Advanced Supervision so that only those items that meet both criteria are found.

   The options are as follows:

   Subject

   Type the keywords or phrases to be searched in the review items either in their subject lines or in the file names of their attachments. Press Enter to separate keywords and phrases from each other. Alternatively, click Hotwords to select hotword sets and keywords. Note: Use an asterisk (*) wildcard to represent zero or more characters in your search. Use a question mark (?) wildcard to represent any single character. A wildcard search always finds items that match your search criteria and that were archived in Veritas Advanced Supervision. Use a minus sign (-) to indicate you want to exclude from the search results any items that contain the following word or phrase. For example, the search to find the items that contain either of the words Agent and Agency, but do not contain the word Cost. ("(Agent AND NOT Cost) OR (Agency AND NOT Cost)"): Any of: Agent -Cost Agency - Cost A search term cannot comprise an excluded word or phrase only. When you specify such words or phrases, you must also specify a positive word or phrase you want to appear in the search results. A search term cannot start with any of the following characters on any line: = + - @. For example, "Agent -Cost" is a valid search term but "-Cost Agent" is not. Veritas Advanced Supervision ignores any non-alphanumeric characters in the search term, except for those that have special significance, such as the plus sign, minus sign, and question mark. For example, a search for the term US@100 may find instances not only of US@100 but also of US 100 and US$100. Including non-alphanumeric characters in the search term may therefore return more results than you expect.

   Content

   Specify the keywords or phrases to be searched in the content of review items. Alternatively, click Hotwords to select hotword sets and keywords.

   In the Veritas Advanced Supervision client, you can create a proximity search by using operators such as NEAR, BEFORE, or NOTWITHIN.

   Note the following points about the search terms:

   • If you use an operator such as NEAR, BEFORE, or NOTWITHIN in the uppercase in the search term, that search term behaves as a proximity search query.

     Note:

     In Veritas Advanced Supervision, text in the search term is treated as a phrase in regular and in proximity searches. The text before the operator is the first operand, and the text after the operator is the second operand.

   • If you do not use an operator such as NEAR, BEFORE, or NOTWITHIN in the uppercase in the search term, that search term behaves as a regular search term.

   • The predefined hotwords sets (which are imported using an XML file) involving whole wildcards are converted at run time to use the NEAR operator.

     For example, consider the following hotwords set:

     • roy * johnson

     • roy * * johnson

     • roy * * * johnson

     This gets converted to roy NEAR/3 johnson, as the use of the entire hotwords set in the search terms is semantically equivalent to the proximity search - roy NEAR/3 johnson.

     This optimizes the search query by making use of the proximity operators as expected from the hotwords set.

   The following table contains a few proximity search syntax and examples:

   Operator	Description	Examples
   BEFORE	Items in which the first specified term appears within a maximum of 10 words before the second term. Optionally, you can specify a maximum number of words between the two terms.	John BEFORE Smith matches items in which John appears within 10 words before the word Smith. It does not match with Sue Smith met John. John BEFORE/1 Smith matches items that contain John Smith or John B. Smith. It does not match items that contain John has met Smith or Sue Smith met John.
   NEAR	Items in which the first specified term appears within 10 words of the second term. Optionally, you can specify a maximum number of words between the two terms.	John NEAR Smith matches items in which John appears within 10 words of Smith. John NEAR/1 Smith matches items in which John appears within one word of Smith, as in John Smith, John B. Smith, or Smith sued John. It does not match items that contain John has met Smith or Sue Smith asked for John.
   NOTWITHIN	Items in which the first specified term appears outside the context that you have defined with the second term.	confidential NOTWITHIN "Disclaimer: This email and any files transmitted with it are confidential" matches items that contain the word confidential outside the context of the disclaimer.

9. In the Attachments section, specify the relevant information in the respective fields.

   The Attachments section lets you search for items of a certain size and type or that have the specified retention category.

   The options are as follows:

   Number

   Specify the required number of attachments. You can search the items with specific number and type of attachments. The default option, Does not matter, means that the item can have zero or more attachments. All following other options require you to type one or two values that specify the required number of attachments: Equals: requires a specific number of attachments. Between: requires the number of attachments messages must have to a value between those to be specified. Less than: requires a number of attachments below the number specified. Greater than: requires any number of attachments greater than the number specified.

   File extensions

   Specify the file name extensions of particular types of attachments for which to search. Separate the extensions with space characters. For example, type the following to search for items with HTML or Microsoft Excel file attachments:.htm .xls. This search option evaluates attachments by their file names only; it does not check their file type. For example, suppose that a user changes the file name extension of a .zip file to .zap and then sends the renamed file as an email attachment. An Veritas Advanced Supervision search for items that have attachments with a .zip extension does not find the email with the renamed attachment. The contents of some attachments may not be searchable because Enterprise Vault has not indexed them. In particular, file formats such as Fax and Voice do not have any indexable content. Some Enterprise Vault registry entries prevent it from indexing the contents of selected file types.

10. In the Miscellaneous section, specify the relevant information in the respective fields.

    The Miscellaneous section lets you search for items of a certain size and type or that have the specified retention category.

    The options are as follows:

    Message size	Specify the size in kilobytes of each item for which to search, as reported by the message store (Exchange, Domino, and so on). The item size includes the size of any attachments. The following options are available: Does not matter: any number from 0 upward can be attached. Equals: requires a specific number of attachments. Between: requires the number of attachments messages must have to a value between those to be specified. Less than: requires a number of attachments below the number specified. Greater than: requires any number of attachments greater than the number specified.
    Message type	Select the All content sources check box to consider all types of messages. When this option is selected, other options remain disabled. To select specific message type, clear the All content sources check box, and select one or more required options from the list below: Exchange email Instant messaging Bloomberg Lotus Domino Fax SMTP Teams chat Teams channel Audio-Video Transcript Note: Custom message types, such as Facebook, Twitter, if added by the administrator using the Compliance Accelerator client, will also be displayed.
    Retention category	Search for items to which Enterprise Vault has assigned the selected retention categories.

11. In the Tags section, specify the relevant information in the respective fields.

    The Tags section lets you search for items according to the tags with which any additional policy management software has classified them.

    The options are as follows:

    Filter	Select any of the following options to search for the items that match certain classification policies. There are several types of policies: Inclusions only: Select this option to include items that your policy management software has classified for inclusion in the review set that may contain the most serious offenses, such as swearing, racism, or insider trading. Ignore inclusions: Select this option to ignore items that Veritas Information Classifier has classified for inclusion in the review set that may contain the most serious offenses, such as swearing, racism, or insider trading. Exclusions only: Select this option to include spam items and newsletters that your policy management software may classify for exclusion from the review set. Ignore exclusions: Select this option to ignore spam items and newsletters that your policy management software may classify for exclusion from the review set. Categories only: Select this option to include categorized items that exhibit certain characteristics, such as containing Spanish text. This type of policy provides no information on whether an item should be included in or excluded from the review set. Ignore inclusions and exclusions: Select this option to ignore inclusion and exclusion items. Custom: Select this option and type the names of one or more policies. Separate multiple tag names with commas, like this: CustomTag1,CustomTag2 All: Select this option to include all tags. Note: Veritas Information Classifier (VIC) is required to classify items based on their content and metadata. Implementing VIC requires additional charges.
    Name	Select tag names. Separate multiple tag names with commas, like this: CustomTag1,CustomTag2
    Filter by current department	Select this check box to skip the unused policies in the current department.

12. In the Custom attributes section, enter the appropriate values in the respective fields.

    The Custom attributes section lets you search for the items that have the specified attributes. When Enterprise Vault processes an item, it populates a number of the item's attributes with information and stores this information with the archived item. Some third-party software may also attach additional attribute information to items. If you know the name of an attribute that interests you, you can enter its details here as a custom attribute.

    The options are as follows:

    Include operator	If you enter the details of both the attributes, use the options in the Include operator drop-down list to determine whether the search results should match any of the attributes or all of them.
    Free form attribute	Set the appropriate values in the Attribute, Type, Operator, and Value fields.
    Attribute	Specify the attribute name you want to search for. The attribute name is case-sensitive. Attribute name is a searchable system or the custom index properties such as subj for subject, crct for current retention category, natc for number of attachments, and so on. To search for attribute information that a third-party software has added to the X-Headers of SMTP items, add the prefix EVXHDR to the name of the required attribute. For example: EVXHDR.X-CompanyID
    Type	Select the attribute type. The application supports the following three attribute types: string number date
    Operator	Based on attribute type, the application has the following Operators: For String type - Any, All, Exact and Phrase For number type - Equals and Between For date type - No operator. It only supports range (from and to).
    Value	Specify the terms you want to search. The attribute value is case-sensitive. Note: Do not enclose attribute values in quotation marks if you want to indicate that they are phrases. Instead, select Phrase as the operator for these attributes, if you have a choice. Alternatively, you can indicate that an attribute value is a phrase by replacing all the spaces with periods, as follows: sample.attribute.value This technique lets you specify multiple phrase values for the same custom attribute. For example, consider the following attribute value: Enterprise.Vault.Service.Account system VAS.Administrator This value matches "Enterprise Vault Service Account", "system", and "VAS Administrator".

13. In the Intelligent Review section, choose options for the learning engine in Veritas Advanced Supervision. This engine allows Veritas Advanced Supervision to search for items intelligently, based on the actions that reviewers have taken on earlier items.

    For example, after a reviewer has marked a spam message or out-of-office reply as irrelevant then, when Veritas Advanced Supervision detects other items that have similar characteristics, it can handle them in the same way.

    Note:

    Searches that use the intelligent review feature may take slightly longer to complete than those that do not use this feature.

    Searches that you conduct in a research folder uses the learning data of the associated department. Folder searches do not have their own learning data and do not contribute to the department's learning data.

    Searches, by default, consider metadata and content of items to determine the relevance. However, if search results contain items that are older than 30 days, only metadata is considered to determine the relevance.

    The options for Learning behavior are as follows:

    None	Veritas Advanced Supervision searches for items in the normal way, without implementing Intelligent Review. This is the default option.
    Search and prioritize	Veritas Advanced Supervision searches for both relevant items and irrelevant items without favoring one over the other. So, if your chosen Sampling percentage value requires that you capture and review 10% of items, Veritas Advanced Supervision captures 10% - but a substantial number of the items may be irrelevant. With this option, however, Veritas Advanced Supervision does give the items a status of either Unreviewed (Irrelevant) or Unreviewed (Relevant) as it adds them to the review set. When you later review the items in the Review pane, you can filter them by their Unreviewed status to distinguish between the relevant and irrelevant items.
    Search and then sample ONLY relevant content	Veritas Advanced Supervision searches across all the items and captures the relevant ones only, until it has captured the required percentage. So, if your chosen Sampling percentage value requires that you capture and review 10% of items, Veritas Advanced Supervision captures 10% - all of them considered to be relevant. If there are too few relevant items to fulfil the chosen sampling percentage, Veritas Advanced Supervision does not supplement them with irrelevant items. This is an important difference between this option and the equivalent option, Sample exact percentage of ONLY relevant content, in the Department Properties pane.

14. Click Save.