General tab
Two types of fingerprint classifiers can be added: files or database records. The General tab displays all classifiers from both types. Sort or filter columns to locate a specific classifier.
When a database records classifier is highlighted, the bottom of the screen displays the field (or column) names of the selected table. Select the fields to scan (up to 32 per table).
For endpoints, the number of fields selected for a database fingerprinting classifier can affect accuracy. For the most accurate results, scan 3 or more fields.
- If only one field is being scanned, set a minimum threshold of 5 to reduce the likelihood of unintended matches. (When an administrator attempts to set a lower threshold, the system changes it to 5.)
- If you 2 fields are scanned, set the minimum threshold to 3 or more. (Trigger an incident when 3 or more field1/field2 combinations are detected.)
| Number of Fields | Minimum Threshold |
|---|---|
| 1 | 5 |
| 2 | 3 |
| 3 or more | 1 |
If a condition applies to both network and endpoint resources, the threshold is changed for the endpoint only. Network resources retain the threshold you define on the Properties tab.
For more information on creating fingerprint classifiers, see Database fingerprinting section,