Skip to main content

 

Druva Documentation

Enterprise Search for backed up data

inSync Cloud Editions: File:/tick.png Elite Plus File:/tick.png Elite File:/cross.png Enterprise File:/cross.png Business

Note: Enterprise Search is currently under controlled availability. If your organization wants to use Enterprise Search, kindly contact Druva Support.

Overview

Using the Enterprise Search capability, inSync administrators can quickly find end-user files and emails that are backed up by inSync. inSync uses the metadata attributes of files and emails to deliver fast and accurate search results. 

 

 

 

 

 

 

 

 

 

 

  • Enterprise Search is available for Elite and Elite Plus customers.
  • The Enterprise Search capability is not available for inSync GovCloud customers; the capability will be made available in a future release. 
  • Search of data backed up from mobile devices is not supported.
  • Enterprise Search is not available for customers using Microsoft Azure Storage. 

During the backup operation, after the snapshot creation is complete, inSync starts creating an index of the data that it is backing up. inSync uses metadata attributes like file name, folder name, email subject, and email attachment name to index the data based on delimiters (whitespace, dot, special characters, and so on). 

inSync administrators can search files and emails using a part or the entire file name or email subject. For example, when the administrator searches for "financial report", the search results will contain the following files:

  • Report for quarter end March 2016
  • 2016-2017 financial report
  • Financial health summary for January
  • Sales report for February

inSync will display results that match one or multiple terms. Administrators can use the available search filters and search operators to narrow down search results.

For search, inSync allows three types of operators. Here is the list of operators in order of their priority:

  1. () - Parenthesis operator has the highest priority in a search query. The part of the search query in the parenthesis is executed first. For example, if the query is "quarterly OR report (march AND december)", then the "(march AND december)" part of the query will be executed first. 
  2. OR - By default, inSync uses OR in all search queries that contain more than one word. For example, if you search "monthly sales", then inSync will search all files or emails that either contains the word "monthly" or the word "sales". 
  3. AND - The AND operator has the last priority in a search query. For example, if you search "monthly AND sales", then inSync will search all files or emails that contain both the words "monthly" and "sales". 

Operators should always be entered in capital letters. 

The search results show a maximum of 1000 results that match your search query. inSync displays the search results progressively; loading the search results while scrolling. Using the Email Result option, up to 20,000 search results in CSV format can be sent to the email address of the inSync administrator.

Note: Search results do not list files or emails for users who have enabled Data Privacy settings.

How is the Enterprise Search capability used?

To find malicious data and delete such data

This Enterprise Search capability is critical, especially, for administrators to locate sensitive or malicious data that is backed up by users. Administrators can also delete files from the search results. Deletion is useful when administrators want to prevent exposure of a sensitive file and remove all its occurrences from data source and storage.

Here is an example scenario: An administrator is aware that Joe, an employee, has backed up a PDF containing sensitive data and shared the PDF with other users in the organization. In such a scenario, the administrator can search for the PDF backed up by Joe, and also search for users in the organization who have a copy of the PDF. Even if the file name has been renamed, the administrator can search using the checksum of the file. The administrator can also delete the PDF from the from the data source or both, data source and snapshot.

To download files for offline analysis

To further analyze the search results, administrators can email the search results in CSV format, download the files and emails from the search results for offline review, or ingest the files and emails into a third-party tool for further review.

Here is an example scenario: If an IT administrator observes that a user, Ray, is backing up files that contain sensitive or malicious data, the administrator can easily search for files that were backed by up Ray during a specific time range, and download the files for detailed inspection. 

To restore and download user's data

Administrators can restore files and emails from the search results to the original location or custom location.

Here is an example scenario: Ray, an employee, leaves the organization, and later, Joe, another employee, requires access to an email that was sent to Ray. In such a scenario, the inSync administrator can search for the specific email, and restore the email from Ray’s email account to Joe’s email account. 

To empower inSync Client users to download and restore their backed up data

Using the Enterprise Search capability, inSync Client users can search for files and emails that are backed up by inSync, download the required files and emails from the search results, and also restore emails from the search results to the original location or custom location. Enterprise Search helps inSync Client users gain access to files in case of accidental deletion, or when they want to access a particular file from a device not owned by them.

Here is an example scenario: In case of accidental deletion of an email like “December Sales Training attendees” from the user’s Exchange Online mailbox, the Client user can search their Exchange Online emails with the subject “December Sales Training attendees” sent between 10 December to 23 December, and restore the email to their Exchange Online mailbox from the search results.

Supported Platforms for Enterprise Search

The following table lists the actions that inSync administrators and inSync Client users can perform on the supported data sources using Enterprise Search. 

Data Source inSync Administrator  inSync Client User
(using Search option in Data Sources tab of inSync Web)
Using Enterprise Search option in Governance > Enterprise Search Using Search option in Restore window
Endpoints (Windows OS, Mac OS, Linux OS)
  • Can search, download, and delete files from search results.
  • No restore option available.

Can search, download, and restore files from search results. 

Can search, download, and restore files from search results. 

Cloud Apps files (One Drive, Box, Google Drive)
  • Can search and download files from search results.
  • No restore option available.

Can search, download, and restore files from search results. 

Can search, download, and restore files from search results. 

Cloud Apps emails (Gmail, Exchange Online)
  • Can search and download files from search results.
  • No restore option available.
Can search, download, and restore emails from search results. Can search, download, and restore emails from search results.
Cloud Apps - SharePoint Online Sharepoint file search is not supported. Can search, download, and restore files from search results.  Sharepoint file search is not supported.
MAPI emails
  • Can search and download MAPI emails from the search results.
  • No restore option available.
MAPI email search is not supported.  MAPI email search is not supported. 

Note: Only inSync Cloud administrators and inSync administrators with "Access Data Insights" role can access the Enterprise Search feature in Governance > Enterprise Search.

Search Files

Using the Enterprise Search capability, you can search for files backed up by inSync across all data sources (endpoints and cloud apps) for all users using:

You can use a combination of operators like AND, OR, () and apply filters like file types, file size, file modification time to narrow down your search results. 

When you search, inSync shows you a list of files that match your search query along with the following details:

  • Date when the file was last modified.
  • Name of the user that owns the file. 
  • Data source from where the file was backed up. 
  • The number of versions of a file. If a file has multiple versions, the number of versions is shown in the Versions column. You can click the number in the Versions column to view all the versions of that file and also download a specific version of the file or all the versions in a compressed file format. 

You can also download multiple files from the search results using the Download File option. 

Search Emails

Similar to searching files, you can search for emails backed up by inSync across email services (Gmail, Exchange Online, MAPI) for all users using the

  • Email subject
  • Attachment name

You can use a combination of operators like AND, OR, () and apply filters like recipient's name, sender’s name, emails within a particular date range to narrow down your search results. 

When you search, inSync shows a list of emails that match your search query along with the following details:

  • Attachments for each email.
  • Sender of the email.
  • Recipients of the email.
  • Date when the email was sent or received.
  • The number of attachments in that email. You can view the number of attachments by clicking the attachment icon and view the entire list of recipients by clicking the number in the recipients column. 

You can also download multiple emails from the search results in EML format using the Download Email option. 

Related Links
How to search backed up files
How to search backed up emails