Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision
Previous revision
automationrules [2018_09_21 03:21] – [Introduction] added link stevenautomationrules [2024_03_04 17:45] (current) – [8. Call webhook] steven
Line 1: Line 1:
 # Data Automation Rules # Data Automation Rules
 +
 +##### last updated on: Feb. 26, 2022
  
 ## Introduction ## Introduction
  
-Whether for compliance or competitive reasons, organisations often need to take action based on documents of special interest.+Access Anywhere's Data Automation Rules deliver if-this-then-that functionality for automatically taking actions when certain types of events happen on Access Anywhere
  
- * Documents that contain personal data restricted under GDPR? - Don't allow them to be shared! +Each Data Automation Rule configured in Access Anywhere consists of an //event trigger// (e.g. "File is uploaded") which triggers one or more configurable //actions// (e.g. "Transcode video file" or "Perform content intelligence"). 
- * Sales contracts reference obsolete SKUs? - Notify the the legal team and move them to quarantine! +
- * Files containing the name Ernie Madeoff? - Send email to the finance director!+
  
-An administrator can pre-configure actions to be automatically performed when different types of content are detected.  For example, an email could be sent, or a file moved or restricted based on the detection of personal data.  
  
-Applies to: 
  
- * Enterprise File Fabric Appliance [Add-On] (since [[cloudappliance/applupdatev1808|v1808]])+## See Also:
  
-See Also:+ * [[contentdiscovery|Content Discovery]]
  
- * [[contentdiscovery]] + * [[file_content_intelligence/admin|Content Intelligence]]
- * [[contentdiscoveryconfig]]+
  
-For data automation rules to be enabled the Content Discovery module must be enabled, and providers configured for content search. For more information see [[contentdiscovery]].+## Administration
  
-The Data Automation Rules configuration page is accessed from the Organization menu by users with the Administrator role. +The Data Automation Rules configuration page is accessed from the Organization menu by the organization administrator and by users with the Administrator role. 
  
-## Creating an Automation Rule 
  
-An automation rule consists of an event, a condition and one or more actions.+## Event Types
  
-### Event+This section outlines the available Event Types that Access Anywhere supports.
  
-Choose “Create Rule” to create an automation rule.+### 1File is uploaded through this platform 
 +Description: This event is triggered when a file is uploaded by a user directly on Access Anywhere. The scope of this upload can be narrowed using the Folder selector.  
 +  
 +**Available since**: 2106.00
  
-The only event currently supported is “Content is detected in a file”. It’s triggered when content of interest is detected in a file that is uploaded or moved.+### 2. File is discovered on storage 
 +Description: This event is triggered when a file is discovered directly on storage platform under the management of Access Anywhere. A file will be discovered when a Provider Re-sync, Cloud Refresh or Deep Cloud Refresh is performed; this event type does not trigger the 'automatic discovery' of files or folders. The scope of this upload can be narrowed using the Folder selector
  
-You may create multiple automation rules with the same event type.  Typically they will have different conditions but this is not required.+**Available since**: 2106.00
  
-### Condition+### 3. File is discovered on storage or uploaded 
 +Description: This event is the union of Event Types 1 and 2.
  
-For a content detection event the condition is a Content Detection Category. For example “GDPR” or “North America - National Identifiers”.  The condition is true (and the action will be executed) if content has been detected by a content detector that is included in the selected Content Detection Category.+**Available since**: 2106.00
  
-{{ ::dataautomation:content-is-detected.jpg |}}+### 4. File contains matches against Content Discovery Rules 
 +DescriptionThis event is triggered when a file has been scanned using the Content Discovery rules, and the scan results contain one or more matches against the Content Discovery rules. Each rule applies to a single Content Detection Category which must be selected when setting up the rule.
  
-Select ***Create Rule*** to begin adding actions.+**Available since**: 1906.00
  
-### Action 
  
-You may create many actions for each automation rule. 
  
-The following actions are supported:+## Action Types
  
- * Email members of a role +<WRAP center round tip 100%> 
- * Send an email to an email address +Each action type is available only for the event types listed at the end of the action type's description. 
- * Disable file url creation +</WRAP>
- * Move the file to another folder+
  
-## Actions+### 1. Copy file to another folder 
 +This action copies the file that triggered the event to a designated folder. The designated folder can be selected using the folder selector control. The Copy operation will be performed as a Background Task assigned to the Admin user. 
  
-### Email Members of a Role+**Supported Events**: #1, #2, #3, #4
  
-This action immediately sends a notification by email to members of a role.+**Available since**: 1906.00
  
-Configuration+### 2. Perform Content Intelligence 
 +This action sends the file that triggered the event to the Content Intelligence module for analysis. The Content Intelligence extractors that are enabled at the time of the event will be executed for the file. The process of Content Intelligence will be executed via a Background Task and will be performed as per the systems Task scheduling. 
  
- Choose one role (drop-down) +**Supported Events**: #1, #2, #3
- Choose to only send to members to have access to the file+
  
-{{ :dataautomation:email-members-of-role.jpg |}}+**Available since**2006.00
  
-An email like the following will be sent when matching content is detected:+### 3. Transcode file 
 +This action sends the file that triggered the event to be transcoded using Access Anywhere's transcoding capabilities. When configuring this event type, you are required to select the Transcoding Preset you wish the file to be transcoded into. 
  
-{{ :dataautomation:alert-email.jpg |}}+To use the transcode file rule you will need to enable "Video transcoding" through the Organization > Content Intelligence page.
  
-### Send an Email to an Email Address+**Supported Events**: #1, #2, #3
  
-This action allows the event to notify a single email address.+**Available since**: 2106.00
  
-Configuration+### 4. Send email to an email address
  
- * A valid email address.+This action allows the event to notify a single email address when a qualifying event is triggered. The email address is specified during the configuration of the action
  
 {{ :dataautomation:send-email-to-address.jpg |}} {{ :dataautomation:send-email-to-address.jpg |}}
  
-### Disable file url creation+**Supported Events**: #4
  
-This action prevents the file being shared through the creation of shared links.+**Available since**: 1906.00
  
-Configuration+### 5. Send email to members who have a role 
 +This action sends a notification of the triggering event by email to organization members who have the specified role. When configuring the action you must select the role from the dropdown, as well as whether the notification should only be sent to members of that role that have permissions to access the file that triggered the event, or to all members with the role regardless of their permissions. 
  
- Optionally disable shared links that have already been created.+{{ :dataautomation:email-members-of-role.jpg |}} 
 + 
 +An email like the following will be sent when matching content is detected: 
 + 
 +{{ :dataautomation:alert-email.jpg |}} 
 + 
 +**Supported Events**: #4 
 + 
 +**Available since**: 1906.00 
 + 
 + 
 +### 6. Disable file URL creation 
 +This action prevents the file from being shared through the creation of secure shared links. This action can also be configured to disable existing shared links.
  
 {{ :dataautomation:disable-url-creation.jpg |}} {{ :dataautomation:disable-url-creation.jpg |}}
  
-### Move the file to another folder 
  
-This action moves the matched file to a nominated folder. This could be used to quarantine files that may contain sensitive data, or classify files based on specific content. Only one move to folder action is allowed per Content Detection Category.+**Supported Events**: #4 
 + 
 +**Available since**: 1906.00 
 + 
 + 
 +### 7. Move file to another folder 
 +This action moves files matched by Content Detection to a nominated folder. This could be used to quarantine files that may contain sensitive data, or to classify files by location (folder) based on specific content. Only one move to folder action is allowed per Content Detection Category per rule.
  
 Configuration Configuration
  
- * Choose folder from dialog (folder must exist or can be created from dialog) + * Choose folder from the dialog (folder must exist or can be created from dialog)
- * Optionally disable shared links that have already been created.+
  
 {{ :dataautomation:move-file-to-folder.jpg |}} {{ :dataautomation:move-file-to-folder.jpg |}}
  
-A suffix is added to the file as it is moved which includes the date and time. This prevents subsequent updates overwriting the quarantined version. An additional optional suffix may also be added. File extensions are preserved.+A suffix is added to the file as it is moved which includes the date and time. This prevents subsequent updates from overwriting the quarantined version. An additional optional suffix may also be added. File extensions are preserved.
  
-For example, with an provided suffix of "_ContainsSSN" the new name for:+For example, with provided suffix of "_ContainsSSN" the new name for:
  
     CreditApplication.pdf     CreditApplication.pdf
Line 112: Line 130:
  
     CreditApplication_ContainsSSN_2018-08-20_22-08-24.pdf     CreditApplication_ContainsSSN_2018-08-20_22-08-24.pdf
 +    
 +**Supported Events**: #4
 +
 +**Available since**: 1906.00
 +### 8. Call webhook
 +This action causes Access Anywhere to invoke an HTTP callback when a qualifying event occurs.  The Access Anywhere customer using this option is responsible for providing the callback implementation at the URL configured for the action in the rule, and for ensuring that the URL is reachable by Access Anywhere.  
 +
 +{{ ::webhook_url.png?direct&400 |}}
 +
 +The Access Anywhere invokes the callback with the HTTP POST request method. The callback is invoked once per file for which a qualifying event is detected.
 + 
 +The HTTP request will contain a User-Agent header et to the site title of Access Anywhere sending the HTTP request followed by Access Anywhere version,  for example: “NAA Appliance 2106.00“. It will also contain a Content-Type header set to “application/json”.
 +
 +
 +The request body is a JSON representation of information about the file in which the qualifying content was discovered and about the event that caused the webhook to be called. Here is an example:
 +
 +```
 +{
 +   "type":"content_detected",
 +   "date":"2021-06-15 08:51:22",
 +   "data":{
 +      "file":{
 +         "fi_id":"134378721",
 +         "pii_detected_metaids":[
 +            "119",
 +            "118"
 +         ],
 +         "pii_unset_metaids":[
 +            "46",
 +            "129",
 +            "130"
 +         ],
 +         "had_before_pii":{
 +            "119":0,
 +            "46":null,
 +            "118":0,
 +            "129":null,
 +            "130":null
 +         }
 +      },
 +      "filepath":"Amazon S3 files (content indexing)/Sweden - Passport.txt",
 +      "action":{
 +         "ev_id":"59",
 +         "ev_orgid":"3623",
 +         "ev_type":"content_detection",
 +         "ev_param":"118",
 +         "ev_created":"2021-06-14 08:53:52",
 +         "ac_id":"136",
 +         "ac_evid":"59",
 +         "ac_orgid":"3623",
 +         "ac_type":"webhook",
 +         "ac_param":"https://dev.filefabriclabs.com",
 +         "ac_param2":"",
 +         "ac_created":"2021-06-14 08:54:07"
 +      }
 +   }
 +}
 +```
 +
 +Webhook invocations by Access Anywhere will timeout if a connection cannot be established with the webhook host within 3 seconds, or if the first byte of the reply is not received within 30 seconds after the connection is established.  The rule that invoked the webhook will pause until the response is received or a timeout has occurred.
 +
 +At the discretion of the implementor, webhooks can be accessed using HTTP or HTTPS.  The URL's protocol component should indicate the correct method of access. When HTTPS is used Access Anywhere will the SSL certificate provided by the webhook host if validation is turned on in Site Functionality.
  
-Email notifications use the new generated file name and folder location.+{{ ::webhooks_val.png?direct&600 |}}
  
 +**Supported Events**: #4