Validating fingerprinting scans

To validate your fingerprinting scans:

Optionally, create a copy of the following files in the \ValidationScripts folder where Forcepoint DLP was installed (typically C:\Program Files\Websense\Data Security\ValidationScripts).
- default_validation.bat.sample
- default_validation.ini.sample
  To create your script from scratch, skip this step.
Name your new validation script using the following convention:
<classifier-name>_validation.[bat|exe|py]

Here:
- <classifier-name> is the name of the classifier on which the script will be run. Alternatively, use the word “default” for scripts that run on all classifiers that don’t have specific scripts named after them.
- bat is the extension for a batch file.
- exe is the extension for an executable.
- py is the extension for a python script.
If the script requires a configuration file, name the configuration file using the following convention:

<classifier-name>_validation.[xml|ini]

Place all files in the \ValidationScripts folder on the server where Forcepoint DLP is installed (typically C:\Program Files\Websense\Data Security\ ValidationScripts).

Every validation script must be an executable or a batch file. If there is a need for an infrastructure element, for example the python interpreter, the operating system must be able to automatically initiate the element when the script is being called. To ensure the correct file association is configured, Forcepoint recommends running the script from the command line, without reference to any other executable.

Note: Pay attention not to leave more than one executable or configuration file with the same name and different extension in the validation scripts directory.
The script should receive 2 command-line parameters from Forcepoint DLP: the full path of a source file the system creates, and the full path where the system expects to find a destination file.
- The first line of the source file includes the names of the columns that are available for fingerprinting. The remaining lines contain the data in those columns.
- The script should read and perform validation on the source file.
- The script should write the validated results to a destination file.
- The destination file should be formatted in the same way as the source file— with the names of the columns that were fingerprinted on the first line. Note that the number of columns varies if your script adds or removes columns.
- The destination file must use the name and path that received from Forcepoint DLP.
- The script should return a return code of 0 if everything succeeded, and non- zero if there was a problem.
To have the script use a configuration file, place the configuration file in the same location as the script, and name it with the same name as the script file followed by .xml or .ini. If this file is found, it is supplied as a third parameter to the script.
Create and run the fingerprinting classifier as described in Creating a database fingerprint classifier section. Name the classifier with the name given in step 2.

During the scan, if the crawler finds a script with the following name format, it runs that script:

<classifier-name>_validation.[bat|exe|py]

If it does not find a script with that naming format, it searches for a script named default_validation.[bat|exe|py] and runs that.

If the crawler receives a non-zero return code from the script, the fingerprinting process stops and an appropriate error is returned. In this case, you can either fix the script or remove it then refingerprint.

When the system finds a validation script, the Sample Data screen in the database fingerprinting wizard shows validated data, and not the raw data extracted from the database/CSV. (This is on the Field Selection page of the wizard, where you click View Sample Data.) You can use this to make sure that the validation script behaves as expected, and to see the exact information that is protected.

To run the script on subsequent fingerprint classifiers, copy the script and rename it.