Enterprise Vault Whitepaper
Netbox Blue Integration with
Enterprise Vault
This document describes how Netbox Blue’s Social Risk Management products can capture unified
communications, instant messages, collaboration, and social media traffic and archive the contents into
Enterprise Vault with rich metadata and indexing for enhanced search value from the data.
This document applies to the following version(s) of Enterprise Vault: 10 and 11 (including 11.0.1)
If you have any feedback or questions about this document please email them to [email protected]
stating the document title.
Copyright © 2015 Symantec Corporation. All rights reserved. Veritas and the Veritas Logo are trademarks or
registered trademarks of Symantec Corporation or its affiliates in the U.S. and other countries. Other names may be
trademarks of their respective owners.
This document is provided for informational purposes only and is not intended as advertising. All warranties relating
to the information in this document, either express or implied, are disclaimed to the maximum extent allowed by law.
The information in this document is subject to change without notice.
Enterprise Vault Whitepaper – Netbox Blue and Enterprise Vault Integration
Document Control
Contributors
Who | Contribution
Daniel Strydom | Author
Andy Joyce | Reviewer
David Scott | Contributor/Reviewer
John Fison (Netbox Blue) | Contributor/Reviewer
Trent Davis (Netbox Blue) | Contributor/Reviewer
Revision History
Version | Date | Changes
1.0 | April 2015 | Initial release
Related Documents
Document Title | Version / Date
Upgrade to Enterprise Vault 11.0.1 http://www.symantec.com/page.jsp?id=upgrade-ev
Netbox Blue’s Social Risk Management Capabilities and EV integration demonstration https://youtu.be/GCnckLMWC54
Table of Contents
Terminology
Introduction
Netbox Blue’s Social Risk Management (SRM) Platform
  Capture
  Secure
  Control
  Supervise
  Archive
Architectural Overview of Netbox Blue’s SRM platform
Deployment options for the Netbox Blue SRM Platform
  Microsoft Lync
  ICAP
  Direct Proxy
  Secure Web Gateway
Netbox Blue Integration with Enterprise Vault
  Rich Metadata and Intelligent Indexing
  Capturing Content and Enterprise Vault Ingestion
  Enterprise Vault Search
  Compliance Accelerator
  Discovery Accelerator
Licensing
Conclusion
Appendices
  Appendix A – Deploying the Netbox Blue SRM software
  Appendix B - Extensive Metadata Capture
Terminology
The following terms and abbreviations are referred to throughout this document:
Term | Description
AD | Active Directory
AV | Anti-virus
EV | Enterprise Vault
ICAP | Internet Content Adaptation Protocol
LSI | Local Software Instance – the VM itself that does the capture
SRM | Social Risk Management
SWG | Secure Web Gateway
Introduction
Netbox Blue is a Symantec Technology Enabled Partner and the Social Risk Management platform is
certified for use with Symantec Enterprise Vault.
Netbox Blue’s unique platform offers:
• Reliable capture of Social Media, IM, Collaboration communications and even web search
requests.
• Active compliance to allow organizations to implement a range of innovative pre-posting security
and compliance policies to ensure regulatory, workplace and cultural compliance.
• Archive ingestion to Symantec’s Enterprise Vault platform with full metadata and intelligent indexing
to provide ease of search and discovery, as well as digital sustainability.
This integration ensures that the associated Symantec tools – Discovery Accelerator, Compliance
Accelerator and eDiscovery Platform (powered by Clearwell) can easily perform unified search and
discovery across all content stored in the Symantec Enterprise Vault.
This document describes the methods available to capture social content, the active security and
compliance services offered by Netbox Blue and the ingestion of the social content to Enterprise Vault.
Examples of the search and discovery and summary details on how the platforms are integrated are also
included in this document.
The document also describes the rich metadata and intelligent indexing that is created by the integration of
Netbox Blue’s platform with Symantec Enterprise Vault.
Netbox Blue’s Social Risk Management (SRM) Platform
Netbox Blue’s SRM Platform has the ability to capture and control instant messages from public IM
networks, enterprise IM networks (such as Microsoft Lync), community networks (such as Google
Hangouts), as well as web and messaging networks. In addition the platform offers the ability to capture
web search requests. The value in doing this is to add context to an audit or compliance review case. All of
the captured content can be archived and intelligently indexed by Enterprise Vault.
Messaging Category | Supported Platforms
Public IM Networks | AOL Instant Messenger; Google Talk and Google Hangouts; Yahoo Messenger
Enterprise Unified Communication and Collaboration | Microsoft Lync; Microsoft Yammer; Cisco Unified Presence (Jabber)
Public Social Media | Facebook; Twitter; LinkedIn
Google | Google Apps for Work (Gmail, Hangouts and Chat); GMail
Web search | Google; Yahoo; Bing; YouTube; Wikipedia
Table 1 – Platforms Supported by Netbox Blue’s Social Risk Management Platform
Netbox Blue’s Social Risk Management (SRM) platform offers a wide range of features for managing and
capturing messaging. These features include flexible capture methods, security, management and control
as well as compliance.
Even actions such as saving a draft can be captured, preventing potential data leaks or unapproved content
leaving the organization. The “save drafts” feature of Gmail has been used by malware as a place to interact
with its command and control servers, because normally only completed emails are captured (if at all),
not saved drafts.
An overview of these SRM features is provided in the next section.
Capture
Customers can choose how to capture communications – from a proxy-based capture solution, including
integrating with an existing proxy solution, endpoint capture technologies or other methods. All of these
methods provide comprehensive security and risk management solutions.
Secure
As the use of Social Media, IM and collaboration tools increases, so do the security risks. Netbox Blue
offers a broad range of security features, including:
• Malware scanning – detection and blocking of web borne malware
• Secure Access Controls for corporate social media accounts
• Identity Management – linking each communication to each staff member
• Prevention of vicarious liability through the addition of disclaimers
• Identifying rogue accounts in use within an organization that could otherwise have a far-reaching
reputational impact.
Control
Risk-averse organizations have been managing their internet-based communication channels for email and
in some cases voice and other file sharing applications for many years. As Social Media, IM and
collaboration tools pervade office environments, so the controls must adapt to these otherwise uncontrolled
communication channels.
Netbox Blue’s platform provides a unique ability to apply pre-defined pattern matching technology on
communications before they are transmitted or posted. Applying active compliance “in-stream” in this way
gives organizations the ability to prevent issues occurring.
In-built patterns are available, while custom policies can easily be set up.
A full reporting and alerting system is included with the Social Risk Management platform to ensure
breaches are recorded and supervisors notified as required.
Supervise
Many organizations are now looking to enable digital transformation by engaging their staff on social
channels. This can improve customer service or add many new brand advocates to help promote new
products or services.
Netbox Blue’s platform offers the ability to hold messages that meet predefined criteria for review. This can
be used to review any potentially sensitive messages that may include an executive’s name, a released
product name or financially or market sensitive data such as an acquisition target. The feature offers
automated workflow and logging for training purposes and all data can also be passed into the
organization’s archive platform.
Further supervisory capabilities are available including ethical wall establishment.
Archive
Netbox Blue’s platform is able to present social communications into the organization’s Enterprise Vault
archive platform, using the COM API for EV 10 and, as of EV 11.0.1, the direct SMTP ingestion
method.
These communications are presented in an evidentiary quality format that is digitally sustainable.
Netbox Blue adds value to the data by:
• Passing it to the Enterprise Vault archive platform in a standard format, enabling ease of search
and discovery
• Adding all associated metadata
• Time stamping each message
• Adding the unique user identity (i.e., the AD user name, not just the user name on the social
platform)
• De-duplicating the messages to ensure the data store remains manageable and
threading communications for contextual value.
Netbox Blue identifies each unique user by integrating with the organization’s Directory Services.
Capitalizing on existing Secure Web Gateway authentication services, user identity is preserved
on each message, both inbound and outbound.
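A sketch of the de-duplication and threading described above, added here as an example (it is not Netbox Blue's or Symantec's code). It uses the Message ID, Thread ID and Parent ID metadata listed in Appendix B; the record field names, function names and sample data are constructed for illustration.

```javascript
// Added example: de-duplicate capture records and rebuild conversation threads.
// Field names are assumptions modelled on the Appendix B metadata; timestamps
// are assumed to be ISO 8601 UTC strings, which sort correctly as text.

// Constructed sample records, deliberately out of order.
const SAMPLE_RECORDS = [
  { messageId: "m3", threadId: "t1", parentId: "m2", direction: "outgoing",
    userId: "bob", receivedTime: "2015-04-01T09:02:00Z", body: "Will do." },
  { messageId: "m1", threadId: "t1", parentId: null, direction: "incoming",
    userId: "alice", receivedTime: "2015-04-01T09:00:05Z", body: "Q1 numbers are in." },
  { messageId: "m1", threadId: "t1", parentId: null, direction: "outgoing",
    userId: "bob", receivedTime: "2015-04-01T09:00:00Z", body: "Q1 numbers are in." },
  { messageId: "m1", threadId: "t1", parentId: null, direction: "incoming", // exact duplicate
    userId: "alice", receivedTime: "2015-04-01T09:00:05Z", body: "Q1 numbers are in." },
  { messageId: "m2", threadId: "t1", parentId: "m1", direction: "incoming",
    userId: "bob", receivedTime: "2015-04-01T09:01:00Z", body: "Please keep this internal." },
  { messageId: "m4", threadId: "t1", parentId: "m9", direction: "incoming", // parent never captured
    userId: "alice", receivedTime: "2015-04-01T09:03:00Z", body: "Agreed." },
  { messageId: "m5", threadId: "t2", parentId: null, direction: "outgoing",
    userId: "alice", receivedTime: "2015-04-01T10:00:00Z", body: "New thread." }
];

// One stored message per Message ID. The outgoing capture says who sent it and
// when; each incoming capture with the same Message ID records a read.
function dedupe(records) {
  const byId = new Map();
  for (const r of records) {
    let m = byId.get(r.messageId);
    if (!m) {
      m = { messageId: r.messageId, threadId: r.threadId, parentId: r.parentId,
            body: r.body, sentBy: null, sentAt: null, reads: [], children: [], orphan: false };
      byId.set(r.messageId, m);
    }
    if (r.direction === "outgoing") {
      if (m.sentAt === null || r.receivedTime < m.sentAt) {
        m.sentBy = r.userId;
        m.sentAt = r.receivedTime;
      }
    } else if (!m.reads.some(x => x.userId === r.userId && x.at === r.receivedTime)) {
      m.reads.push({ userId: r.userId, at: r.receivedTime });
    }
  }
  return byId;
}

// Guards against malformed Parent ID chains that loop back on themselves.
function hasCycle(m, byId) {
  const seen = new Set([m.messageId]);
  for (let p = byId.get(m.parentId); p; p = byId.get(p.parentId)) {
    if (seen.has(p.messageId)) return true;
    seen.add(p.messageId);
  }
  return false;
}

// Earliest time this message was observed, used for ordering.
function firstSeen(m) {
  const times = m.reads.map(r => r.at);
  if (m.sentAt) times.push(m.sentAt);
  return times.sort()[0] || "";
}

function sortTree(list) {
  list.sort((a, b) => (firstSeen(a) < firstSeen(b) ? -1 : firstSeen(a) > firstSeen(b) ? 1 : 0));
  list.forEach(m => sortTree(m.children));
}

// Returns Map(threadId -> array of root messages with nested children).
function buildThreads(records) {
  const byId = dedupe(records);
  const threads = new Map();
  for (const m of byId.values()) {
    if (!threads.has(m.threadId)) threads.set(m.threadId, []);
    const parent = m.parentId ? byId.get(m.parentId) : null;
    if (parent && parent.threadId === m.threadId && !hasCycle(m, byId)) {
      parent.children.push(m);
    } else {
      m.orphan = Boolean(m.parentId); // a parent is referenced but cannot be linked
      threads.get(m.threadId).push(m);
    }
  }
  for (const roots of threads.values()) sortTree(roots);
  return threads;
}

// Flattens one thread into indented lines for review.
function renderThread(roots, depth = 0, out = []) {
  for (const m of roots) {
    const readers = m.reads.map(r => r.userId).join(", ") || "-";
    out.push("  ".repeat(depth) + (m.orphan ? "[parent not captured] " : "") +
      `${m.messageId} sent by ${m.sentBy || "(not captured)"}; read by ${readers}: ${m.body}`);
    renderThread(m.children, depth + 1, out);
  }
  return out;
}

if (typeof require !== "undefined" && typeof module !== "undefined" && require.main === module) {
  console.log(renderThread(buildThreads(SAMPLE_RECORDS).get("t1")).join("\n"));
}
```

Messages whose parent was never captured are kept at the top level and flagged rather than dropped, so a reviewer can see that context is missing.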
Architectural Overview of Netbox Blue’s SRM platform
The platform is deployed as a Local Software Instance (LSI) running in a virtualized (VMware) environment.
This enables ease of deployment as well as the ability to build on the High Availability options provided by
VMware.
The next section outlines the various ways the LSI can be deployed to capture the traffic. Once the traffic
has been captured, it can be ingested into EV using either the legacy API method or the SMTP direct
ingestion method available as part of EV 11.0.1.
An extension is then installed into the EV server to facilitate direct ingestion of SMTP data. When the LSI
prepares the captured data for archiving, the metadata is also set using MIME headers. With the assistance
of the extension, the data is then correctly indexed by EV. This means that searches can look for specific
values in specific fields, providing a much richer search experience and reducing the time it takes to
get the results that are needed. See the section “Rich Metadata and Intelligent Indexing” for more
information on the values captured, and the attribute names in EV.
By using the EV extension, the LSI is also able to associate each content source with an existing Retention
Category. This allows for simple management of required storage, without the administrator having to
manually configure each content source.
The deployment of the LSI is covered in Appendix A.
Deployment options for the Netbox Blue SRM Platform
Netbox Blue's Social Risk Management Platform can be deployed within an organisation's network in four
primary ways, depending on the capture requirements. More than one method can be used at a time with
a single instance, allowing for different capture methods for different networks. For example, a WiFi network
with BYO devices may have a different deployment method and rule set to users on corporate wired
devices. This can all be done in a single instance, saving on compute resources and simplifying
administration.
Microsoft Lync
The Netbox Blue SRM platform can capture Lync 2010 and Lync 2013 chat messages and package them
in a universal format to be submitted to the Enterprise Vault Archiving service. Its role is to query the Lync
archive service to extract the Lync messages, then package these messages into the correct format
(with all the relevant metadata information such as user identity, profile name, timestamps,
etc.) before sending them to the Enterprise Vault archiving service.
Note: Lync Archiving services (in addition to the core Lync services) must have a valid license and be
correctly configured before this deployment role can be supported. More information can be found at
technet.microsoft.com.
Diagram 1 - Microsoft Lync integration with Netbox Blue's SRM and ingestion into Symantec EV
There are three key aspects to this deployment method:
1. Installing the Netbox Blue Lync Service, which is a service typically installed onto the Lync Archive
Server.
2. The Netbox Social Risk Management Platform Local Software Instance (LSI). This is a virtual
machine to which the Netbox Blue Lync Service will communicate.
3. Setting the destination server within the Netbox Blue platform for Enterprise Vault.
The Netbox Blue Lync Service queries the Lync Database, and sends all the relevant chat messages to the
Netbox LSI via an encrypted and secure connection.
The Netbox LSI then collates the data and sends it, via secure SMTP, to the Symantec Enterprise Vault
Archiving service.
ICAP
ICAP (Internet Content Adaptation Protocol) is a fast, reliable process where two complementary services
can talk together. For example, a secure web gateway (the ICAP client) sends HTTP data to an Anti-Virus
server (the ICAP server) for scanning, and the AV server then responds to the proxy with an action to
take based on whether the data is “clean” or “infected”. ICAP is also often used by DLP servers.
Most enterprise Secure Web Gateways (SWG), web proxy and caching solutions support ICAP, and can
be configured to send traffic destined to specific domains to the Netbox Blue SRM Platform for further
action.
This mode is ideally suited to environments where the firewall is not being replaced and the Netbox Blue
SRM platform is being implemented to work with an existing web proxy that is performing HTTPS inspection.
In ICAP mode the Netbox Blue Platform is configured to sit behind the existing firewall and is connected to
a SWG with a standards-based ICAP connection.
The SWG is then configured to pass traffic to the Netbox Blue Platform, which then performs pattern
matching analysis and rules on this data stream. The Netbox Blue platform then makes a determination on
this information and passes allowed traffic back to the SWG, or returns a denied message within the
platform interface.
Diagram 2 - Netbox Blue's SRM ICAP integration with an existing Secure Web Gateway showing the
active compliance and ingestion to Symantec EV
Direct Proxy
Direct proxy or “Explicit Proxy” is typically used within organisations that do not already have a direct proxy
configuration (such as when no web filtering is in place).
Web traffic is redirected to the Netbox Blue Platform, usually via a proxy.pac file that can be pushed out to
a select group of users via a Group Policy.
Furthermore, the .pac file can be configured to send only traffic for the sites you're specifically interested in
(e.g., *.twitter.com, *.aim.com) to the Netbox, while all other traffic goes out directly through the firewall.
Netbox Blue can help customise a suitable proxy automatic configuration file for you as part of the
implementation process.
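As an added illustration (not part of the whitepaper and not a Netbox Blue file), a PAC file of the kind described above: hosts under the two example domains go to the capture proxy and everything else goes direct. The proxy address netbox-lsi.example.internal:3128 is a placeholder, and the helper and audit function names are assumptions of this example.

```javascript
// Added example PAC file: selective capture for the domains named in the text.
// The proxy address is a placeholder; substitute the LSI's real address and port.
var CAPTURE_PROXY = "PROXY netbox-lsi.example.internal:3128";
var CAPTURE_DOMAINS = ["twitter.com", "aim.com"];

// True when host is the domain itself or a subdomain of it. Matching on a
// label boundary avoids two common PAC mistakes: shExpMatch(host, "*.twitter.com")
// misses the bare domain, and shExpMatch(host, "*twitter.com") also matches
// unrelated hosts such as "nottwitter.com".
function hostInDomain(host, domain) {
  var h = String(host).toLowerCase().replace(/\.$/, ""); // normalise case, trailing dot
  if (h === domain) return true;
  return h.length > domain.length &&
         h.slice(-(domain.length + 1)) === "." + domain;
}

// Entry point called by the browser for every request.
function FindProxyForURL(url, host) {
  for (var i = 0; i < CAPTURE_DOMAINS.length; i++) {
    if (hostInDomain(host, CAPTURE_DOMAINS[i])) {
      // No "; DIRECT" fallback here: if the proxy is unreachable the request
      // fails instead of silently leaving the network uncaptured.
      return CAPTURE_PROXY;
    }
  }
  return "DIRECT"; // all other traffic goes straight out through the firewall
}

// Constructed test hosts, including look-alikes that must NOT be captured.
var AUDIT_CASES = [
  ["twitter.com", true], ["mobile.twitter.com", true], ["API.Twitter.com.", true],
  ["login.aim.com", true], ["nottwitter.com", false],
  ["twitter.com.example.net", false], ["claim.com", false], ["intranet", false]
];

// Returns the hosts whose routing differs from the expectation (empty = pass).
// Run this under Node before pushing the file out via Group Policy.
function auditPac(cases) {
  var failures = [];
  for (var i = 0; i < cases.length; i++) {
    var host = cases[i][0];
    var captured = FindProxyForURL("https://" + host + "/", host) === CAPTURE_PROXY;
    if (captured !== cases[i][1]) failures.push(host);
  }
  return failures;
}

// Only runs under Node; PAC engines have no `module` and skip this.
if (typeof module !== "undefined" && typeof require !== "undefined" && require.main === module) {
  console.log("PAC audit failures:", auditPac(AUDIT_CASES));
}
```

Whether to append a DIRECT fallback is a policy decision: without it, capture coverage is preserved at the cost of availability when the proxy is down.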
Diagram 3 – Netbox Blue’s Direct Proxy showing the active compliance and ingestion to Symantec
EV
Secure Web Gateway
A secure web gateway deployment means the Netbox Blue platform becomes a gateway for one or more
networks. In essence, the Netbox Blue platform is now a router, with at least two network interfaces, each
of which sits in a different subnet. Traffic will flow through it courtesy of network routing - be that either
default/static routing, or Policy Based Routing.
This method is more complex to integrate into an existing network and therefore consultation
with Netbox Blue engineers should be conducted before any plan is agreed upon. This gives the ability for
the organisation to leverage the other technologies Netbox Blue provides such as user identification, web
filtering and virus scanning as part of an integrated solution.
Diagram 4 - Netbox Blue’s Secure Web Gateway showing the active compliance and ingestion to
Symantec EV
Netbox Blue Integration with Enterprise Vault
Content can be ingested directly into Enterprise Vault using the new SMTP ingestion method provided as
part of version 11.0.1 and later. Using the Netbox Blue EV extension, the extensive metadata provided by
the Netbox Blue capture solution can be surfaced in EV and accompanying solutions, including Compliance
Accelerator, Discovery Accelerator and eDiscovery Platform (see footnote 1).
The data flow from capture to ingestion is shown in this diagram:
Diagram 5 - Data flow from capture to ingestion
Rich Metadata and Intelligent Indexing
Once the captured data is ingested into EV, a number of additional attributes are available on each message
from the Netbox Blue LSI. Having each piece of metadata in its own attribute in EV makes the searching
and retrieval of data much faster and easier. For example, rather than having to know the profile name of
a user, they can be searched by their AD username. This will retrieve not only their corporate email, but
also all their interactions with the various social platforms. This covers both incoming and outgoing user
generated content. Additionally, with the metadata attributes available, the filter can then easily be
narrowed to just one platform, and even a direction.
For example, a single search could cover all of Bob’s outgoing IM conversations where NBB was mentioned
on Google Hangouts. As the search is done on the metadata, it is quick and easy to create the search, and
it will return reliable results. Traditional solutions (if there was any capture of social media) would not tie
the interactions back to an AD user, nor would they have the metadata available as separate attributes. So a
filter by “Google” would pick up all messages that mentioned Google anywhere in the body.
Footnote 1: At the time of publishing this document, eDiscovery Platform support for searching SMTP data was still
pending. Full support for searching SMTP data will be added to version 8.1.1 of eDiscovery Platform.
Some of the metadata captured includes:
Search attribute name | Display name | Description
EVSP.OriginalLocation | Reference URL | List of original web locations, such as links to the user profiles of those who have participated in a Facebook post
EVSP.CreatedDate | First time | Local time for the scanned user, when the first contribution to an item of social content was made. For example, the date a search was performed, or, the date of the first post in a discussion.
EVSP.ModifiedDate | Edit times | Local times for the scanned user, when each contribution to an item of social content was made. For example, a list of date-times for each post in a discussion, starting with the creation time.
EVSP.CreatedBy | User | The organisation user that read a thread, first posted in a thread, or that performed some search or status update, etc.
EVSP.ModifiedBy | Editors | All users that posted to a thread or participated in a discussion in some way (whether they are organisation users or not).
NBB.Usernames | Organisational Users | A list of users involved in a social item that belong to the organisation being archived (e.g., Active Directory users).
NBB.ThreadID | Thread ID | Netbox identifier for an archived item
Table 2 - Metadata search attributes sent to Symantec EV
The full mapping of available attributes and their meaning is available on the LSI in the online help. The
online help is updated as new metadata becomes available.
Capturing Content and Enterprise Vault Ingestion
The EV extension provides the ability to automatically configure archives and archive types for the different
platforms and content providers. The following screen shot shows the Netbox extension installed into
Symantec Enterprise Vault.
Diagram 6 - Screen shot of the installed Symantec EV extension
The Extension is configured using a local web interface, loaded from the extension using the Manage
button. The web configuration, shown below, connects the EV Extension to the Netbox Blue LSI.
Diagram 7 - Screen shot of the local extension configuration screen
Once connected to the LSI, the capture options and the archives used for each content type are configured
on the LSI web interface.
These configuration options include the SMTP ingestion address of the EV server (note: this is the direct
SMTP ingestion address of the server, not a journal mailbox), the content to be captured (based on group
membership, platform, inbound/outbound, time of day and even content patterns) and setting the policies
for which communication platform(s) should go to which archive. The retention category can also be
configured based on the platform.
A suggested configuration can be provided, and this will automatically create all of the archive types and
archives in EV, greatly simplifying the deployment process. The available archive categories are extracted
directly from the EV instance, allowing for complete flexibility in the available options. An example
configuration is shown below.
Diagram 8 - Screen shot of the Netbox Blue SRM configuration user interface for Enterprise Vault
integration
Once the EV Extension is installed and connected to the Netbox Blue LSI and enabled, the archive types
and archives will automatically be created and configured. This process is completely automated. Captured
data is then submitted to EV on a scheduled basis (once a day in the example above but it can be as
frequently as every 30 minutes).
Enterprise Vault Search
The process to search by each of these attributes depends on the tool selected. Below is a simple search
in Enterprise Vault Search, showing the additional metadata in the last column.
Diagram 9 - Screen shot of a search in Symantec EV, showing some of the additional metadata
Compliance Accelerator
The additional metadata can also be accessed in Compliance Accelerator. The screen shot below shows
the type of the message highlighted as “social”, shown in the History tab that exposes these additional
attributes.
Diagram 10 - Screen shot of a search in Compliance Accelerator, showing some of the additional
metadata
Discovery Accelerator
The filter creation in Discovery Accelerator is shown in the following image. This is filtering by a specific AD
user (irrespective of social media profile used), and filtering to just searches that have been made.
Discovery Accelerator makes searching by additional attributes very easy in the search creation user
interface.
Diagram 11 - Screen shot of Symantec Discovery Accelerator showing searching by the additional
metadata
Licensing
The Netbox Blue Service requires a subscription license for each user that is being supported by the
services.
This license is charged based on the platforms being captured and the range of services required.
Please contact Netbox Blue for more details: http://netboxblue.com/webform/implementation-checklist.
Conclusion
Netbox Blue provides flexible solutions to help organizations control and capture activities by employees
on public and corporate IM networks and corporate collaboration networks as well as social media networks
such as Facebook, Twitter, and LinkedIn.
Captured content can be automatically archived into Enterprise Vault. The archived content can then be
searched by Compliance Accelerator, Discovery Accelerator and eDiscovery Platform. This allows
organizations to provide a more complete picture of their environment when the need for eDiscovery arises
by not only being able to search mail and file archives, but also have the ability to search against instant
messages and social media networks.
APPENDIX A - Deploying the Netbox Blue SRM software
platform
This document outlines the prerequisites and basic steps to install the Netbox image into VMware. This
will get the core OS installed. A license key and download link will be provided upon request. This same
process is followed for all instances of the Netbox appliance; the registration key then activates and
installs the relevant components for your installation.
Minimum System (for testing)
The guest OS must have at least the following (this is suitable for a testing environment):
• RAM: 4GB
• Storage: 20GB SCSI drive
• Network: 2x Ethernet connections (VMXNET 3)
• VMware version: ESX/ESXi v5.0 or later (with 64-bit guest support)
Recommended System (for production)
This system is the recommended system for the Netbox Blue software (note: this will vary depending on
the number of users of the system; the following is for around 100 users):
• RAM: 8GB
• Storage: 100GB SCSI drive
• Network: 2x Ethernet adaptors (VMXNET 3)
Unsupported Configurations
Items that are not supported and/or will not work with the Netbox Blue software:
• IDE drives
Supported Extras (additional users)
Additional resources will be required for more users. The following items may be added to the VMware
system and will be supported by the Netbox Blue software. Note that some items may require activation
by Netbox Blue or an update initiated via the user interface.
• Additional memory, the maximum memory supported is 64GB
• Additional storage, up to 2TB is supported
  o An additional 2TB disk is supported for the Content Acceleration Platform
• Additional Ethernet adapters
• Additional CPUs, up to 8
As a rule of thumb, for every 100 users, an additional 2GB of RAM and 50GB of storage should be
allocated. An extra CPU core should also be added per 200 users.
Important Notes on Creating the Guest Environment
Following are the options for creating the recommended guest environment for the Netbox Blue
software:
• Create a new VM
• Start with a typical configuration, for Linux, Red Hat Enterprise Linux 5 (64-bit)
• Add 2 NICs (the first is the LAN connection, the second the Internet connection); these should
be “VMXNET 3”
• Create a disk with the required amount of storage (this should be at least 20GB, but typically
much larger)
• Adjust the RAM to what is desired
• Add additional processors if desired
• The ISO image may also be connected to the “New CD/DVD” device; ensure “Connect at power
on” is selected
Powering the System On and Off
As VMware Tools are automatically installed once the system is activated, the system can be powered
down gracefully using the standard VMware options.
Installing the Netbox Software
To install the Netbox software, connect the ISO image to the virtual CD-ROM drive after creating the
VM. The VM should then boot from the CD and start the install process.
Note: There may be errors and alerts during the boot process. This is normal as drivers and services for
all configurations are tested during the boot sequence.
Once installation is complete, the CD-ROM drive is not required, and can be removed from the VM
configuration if desired.
APPENDIX B – Extensive Metadata Capture
Netbox Blue's Social Risk Management (SRM) solution has the ability to capture social and IM messages
and send them to Symantec Enterprise Vault in a native format. Capturing extensive metadata allows for
much faster eDiscovery and retrieval at the time you need it – in the case of an incident.
The available metadata and auxiliary data the solution can capture for each "message" includes:
Message ID: A unique identifier for the specific message, be that a post, IM or a search. Message IDs are
the same for the same post both incoming and outgoing. This provides the ability to correlate when a
message was sent, and when it was read.
Thread ID: An identifier for a conversation stream. This provides a way to quickly understand a specific
message by viewing it in the full context of the communication. Without it, a single line IM would likely
have little meaning.
Parent ID: In the case of a comment on a post, for example, this provides a reference to the message
it was in response to, allowing the look and feel of the original conversation to be reconstructed.
IP Address: The IP address of the user sending or receiving the content when this was captured. This
helps to identify the device a specific post was made from or consumed on.
Received Time: The time when the message was captured by the solution, but before it has been pushed
to the archive queue. Depending on deployment, this is normally a few seconds before Queued Time.
Queued Time: This is the time the message was made available in the archive queue. Depending on the
archive provider this may be pushed in near real time, or queued up and sent as a batch on a regular
interval.
Sent Time: The time the platform reports when the message was sent in the case of incoming messages.
This is the time it was captured in the case of outgoing messages.
Source: How the message was captured. It could be from a plug-in app in the platform, in real time via
ICAP, or via our secure web gateway.
User ID: This is the Active Directory (or other directory server if configured) identifier of the user making
a specific post or read. This allows tracking of the source of a message to an individual in the
organization, not just to a social account. It becomes even more relevant when there are many users
interacting with an organization’s public social media assets, as everyone typically would log in with the
same social account. Without this metadata, identifying the individual who actually made a post is not
possible.
User Email: Linking back to the User ID, the user's internal email address is also recorded. This simplifies
searches across all platforms in the archive: a search for an email address returns not only emails
but also all social and IM interactions in a single view.
Application: The application to which a specific message relates. This could be Twitter, LinkedIn,
Google etc.
Services: Messages are grouped into a number of services across all of the applications. This again allows
for easy searching, for example finding all chat messages for a user, or searches that were done.
Actions: For each Service, there is an action that can be taken. The most common ones are send and
receive, but things such as accept friend request, save draft and the like can also be captured.
Recipients: All of the recipients of a message, where applicable, are captured. These are the recipients
on the social platform. The metadata captured of each of these can include:
Social Media display name
Profile URL
Email address (used on the social platform)
Sender: The same metadata as for the Recipients is also captured for the Sender.
Bodies: The full body of the post is captured. If it is not just plain text, the HTML representation (or other
format if applicable) is also captured.
Subject: For items where there is a subject, such as web mail, this is captured.
Events: If Netbox Blue's governance enforcement module is activated, and a policy is triggered, this is
recorded. This includes additional metadata such as the policy that was matched, if the message was
blocked or held for moderation, and if an alert was sent.
Tags: Any additional metadata that does not have a specific field and is specific to a platform or service.
This can include things such as geolocation information, dates etc.
Groups: For platforms that support the creation of groups (for example Yammer), the information about
the group is captured, which can include:
Status: Such as public or private
URL: The public URL to access this group
ID: A unique identifier for the group
Name: The name of the group that is displayed to the user.
Attachments: Attachments can also be captured, including images, videos and documents. Where
possible additional data is also captured including:
Name: The original name of the attachment
Size
URL: If a public URL is available, this is included
Content Type: The MIME type of the attachment, such as "image/jpeg"
Content ID: If required, an identifier that links the attachment back to the body of the message, such as
an image in an email coming in via webmail.
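The correlation that Message ID, Thread ID, Parent ID and User ID make possible, shown as an added example (not code from Netbox Blue or Symantec): captured records are deduplicated by Message ID, threaded by Parent ID, and the send/receive pair gives the sent-to-read delay. The record layout, key names and sample values are assumptions constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample records. Key names are assumptions that mirror the
# Appendix B field names; they are not the product's export format.
FIELDS = ("message_id", "thread_id", "parent_id", "action", "user_id",
          "sent_time", "received_time")
ROWS = [
    ("m1", "t1", None, "send", r"CORP\alice", "2015-04-01T09:00:00", "2015-04-01T09:00:00"),
    ("m1", "t1", None, "receive", r"CORP\bob", "2015-04-01T09:00:00", "2015-04-01T09:03:20"),
    ("m2", "t1", "m1", "send", r"CORP\bob", "2015-04-01T09:05:00", "2015-04-01T09:05:00"),
    ("m3", "t1", "m2", "send", r"CORP\alice", "2015-04-01T09:06:00", "2015-04-01T09:06:00"),
    # Reply to a message that was never captured (parent m9 is absent).
    ("m4", "t1", "m9", "send", r"CORP\carol", "2015-04-01T09:07:00", "2015-04-01T09:07:00"),
    ("m5", "t2", None, "send", r"CORP\bob", "2015-04-01T10:00:00", "2015-04-01T10:00:00"),
]
RECORDS = [dict(zip(FIELDS, row)) for row in ROWS]

def rebuild_thread(records, thread_id):
    """Return [(depth, message_id, author)] for one thread, in conversation order."""
    posts = {}  # one entry per Message ID; the outgoing record names the author
    for r in records:
        if r["thread_id"] == thread_id and r["action"] == "send":
            posts.setdefault(r["message_id"], r)
    children = defaultdict(list)
    for p in posts.values():
        # A reply whose parent was not captured is kept as a root, not dropped.
        parent = p["parent_id"] if p["parent_id"] in posts else None
        children[parent].append(p)
    out = []
    def walk(parent, depth):
        for p in sorted(children[parent], key=lambda x: x["sent_time"]):
            out.append((depth, p["message_id"], p["user_id"]))
            walk(p["message_id"], depth + 1)
    walk(None, 0)
    return out

def read_delays(records):
    """Seconds from outgoing capture to each incoming capture, keyed by (Message ID, reader)."""
    sent = {r["message_id"]: r for r in records if r["action"] == "send"}
    delays = {}
    for r in records:
        if r["action"] == "receive" and r["message_id"] in sent:
            t0 = datetime.fromisoformat(sent[r["message_id"]]["sent_time"])
            t1 = datetime.fromisoformat(r["received_time"])
            delays[(r["message_id"], r["user_id"])] = (t1 - t0).total_seconds()
    return delays
```

The User ID column is what attributes each post to a directory user even when several people share one social account.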
About Symantec:
Symantec is a global leader in providing security, storage, and systems management solutions
to help consumers and organizations secure and manage their information-driven world. Our software and
services protect against more risks at more points, more completely and efficiently,
enabling confidence wherever information is used or stored. Headquartered in Mountain
View, Calif., Symantec has operations in 40 countries. More information is available at
www.symantec.com.
About Netbox Blue:
Since 1999 Netbox Blue has been a leading provider of network security and content
filtering solutions. Netbox Blue is also now a leading provider of Social Risk Management
solutions. This patented technology was launched in 2008 and since then Netbox
Blue has built a global reputation for innovation and reliability. Netbox Blue was recognized by
Gartner as a ‘Cool Vendor’, with specific relevance to the Archive and eDiscovery market.
Headquartered in Australia, Netbox Blue can be contacted at [email protected] or via
www.netboxblue.com
Symantec Corporation
For specific country offices and
contact numbers, please visit
our Web site:
www.symantec.com
World Headquarters
350 Ellis Street
Mountain View, CA 94043 USA
+1 (650) 527 8000
+1 (800) 721 3934