Analysis rules identify issues within your content sources. Each rule embodies a different type of problem.
Detects groups that do not contain any users. This rule helps you keep your data repositories clean so they are easier to manage. Removing empty groups means your users are less likely to grant permissions to the wrong users.
Detects files and folders accessible by people outside your organization. In the case of Egnyte Collaborate, this rule flags files and folders shared with Standard Users.
Detects users that have not logged in or had any activity within a content source. This rule helps limit your exposure by identifying user accounts that should be deactivated or deleted. Reducing the risk of a brute force attack and exposure of sensitive data.
Detects folders that are directly permitted to individual users, rather than to groups. It is a general security best practice to grant permissions to groups of users rather than individuals.
Detects folders where NTFS permissions are not working correctly, due to ACL ordering issues or orphaned inheritance. Malformed Permissions is only supported for Windows File Servers (WFS) and Common Internet File Systems (CIFS)
Detects folders that are permitted to groups containing many users. In such situations, folders may be accessible by many more people than intended.
Certain groups will automatically be included in this rule such as All Power Users, but if you’d like to add additional groups, you can select them by clicking on the rule and then clicking on the setting under General Rule Settings.
Detects files and folders accessible via public links. These are any links that do not require a password and are not limited to domain users (i.e. they are open to the public).
Detects groups not used to grant any folder permissions. The group may or may not have users in it, but it is not being used in any of the content repositories that Egnyte Secure and Govern is overseeing. This rule helps you keep your data repositories clean so they are easier to manage.
Detects user accounts that are potentially compromised by ransomware. This rule allows you to detect ransomware infections early and stop them by disabling impacted user accounts
Detects users who download or delete an unusually large number of files, which may indicate malicious activity. This rule helps you keep a close tab on the activity of all your users and reduce insider threats to your data.
Detects anomalous user login activity that may indicate a compromised account. The rule looks for concurrent logins that originate from two different locations and logins from restricted countries. It helps you ensure that all the user accounts are safe. You can customize the rule to your needs by allowing a range of IP addresses from which you would expect your users to log in, flagging user accounts that you expect will have concurrent logins, or removing countries from the restricted list.