About scheduled Identity Finder scans at IU

Important:
UITS is decommissioning the Identity Finder service on February 28, 2019. Along with its edge partners, UITS will begin exploring alternative services and start a proof of concept during 2019. For instructions for uninstalling Identity Finder, see Manually remove Spirion Identity Finder.

The UITS Global Identity Finder initiates various scheduled scans for workstations (Windows desktop and macOS) and servers (Windows Server 2012 and Linux) during the month. Following is an overview of the scanning schedule process.

  • Workstation scans: Workstation scans are non-interactive scans that occur the first Sunday of each month. This global policy is maintained by the UITS Leveraged Services Security Operations team. Scans are configured to use two CPU cores when they run on workstations. They do not interact with users or send them results. IT Pros can access workstation scan results for their organizations via a console.
  • Server scans: Server scans are non-interactive compliance scans that occur the third Sunday of each month. This global policy is maintained by the UITS Leveraged Services Security Operations team. Scans are configured to use four CPU cores when they run on servers. They do not interact with users or send them results. IT Pros can access server scan results for their organizations via a console. Statistics collected allow IT Pros to address potential risks, and may be used for managerial reporting.
  • Other scans: Schools and departments subscribed to the global service may schedule additional scans of their own.

While most searches complete in a timely manner, some workstation scans may not finish because of interruptions from hard restarts, systems entering hibernation or sleep mode, or users terminating searches.

To run additional scans, schools and departments must create new Scheduled Task policies (via the Identity Finder console) and configure their settings to specify when searches will execute. The Scheduled Task policy also lets you set the number of CPU cores to use for a scan, which can help a scan run faster with better performance.

The Endpoint Watcher is the primary means of tracking at-risk data in near-time.

If you are not subscribed to the global service, but installed Identity Finder from IUware, your scan results are uploaded to the central console; only the UITS Leveraged Services Security Operations team will be able to access the results when required.

For help with Identity Finder, see the online user guides, or contact your campus Support Center.

This is document amie in the Knowledge Base.
Last modified on 2019-02-11 15:46:20.

Contact us

For help or to comment, email the UITS Support Center.