Lineage
Overview of Lineage
Data Lineage in Getvisibility provides a comprehensive view of a file's lifecycle, tracking its origin, movement, transformation, and usage. This enhances security, compliance, and forensic investigations by offering end-to-end visibility into data activities.
Traditional data monitoring provides static snapshots, which quickly become outdated, especially for large datasets. Real-time lineage addresses this by:
Reducing Dependency on Rescans: Once streaming is enabled, changes are captured instantly.
Improving Visibility: Organizations can see data movements in near real-time.
Enabling Faster Incident Response: Security teams can quickly assess and respond to threats.
Use Cases
Data Lineage was developed to enable forensic investigations, ensuring organisations can:
Investigate Incidents: Identify the root cause of security incidents, such as data breaches or unauthorised sharing.
Enhance Compliance: Maintain audit trails for regulatory requirements.
Support Risk Mitigation: Quickly respond to suspicious activities and apply appropriate remediation actions.
Pre-Requisites to See Lineage
Connection to Each Data Source: Ensure that each Data Source to be monitored has been configured in Getvisibility.
Enabling Streaming: Activate real-time event streaming for each connector.
Navigation to Lineage
From Enterprise Search: Select a file and click on "Lineage" in the dropdown.
From Open Risks: Identify a flagged file and expand the side menu.
Lineage UI Explanation
Filters:
Event Type (Create, Modify, Delete, Share, Move, etc.)
Data Source
User Activity
Export:
Export lineage details to CSV for auditing and reporting.
Color Scheme:
Green: Normal activity
Yellow: Medium-risk events (e.g., permission changes)
Red: High-risk events (e.g., external sharing)
Description of the Lineage Screen
Lifecycle: Displays the complete lifecycle of a file from creation to current state.
Event Timeline: Chronological list of all file-related actions.
User & Device: Shows which users and devices interacted with the file.
File Path: Original and current locations of the file.
List of Events Supported by Each Data Source
Common Events:
Create
Modify
Delete
Extended Events (via Audit Logs):
Change Permissions
Share
Move
Copy
Rename
Upload
Download
Data Source Specifics:
Google Drive: Audit log events available.
Azure (SharePoint Online, OneDrive, Blob, Files): Audit log events supported.
Box & Confluence: Extended events available in regular logs.
AWS S3, SMB, Dropbox: Limited to Create, Modify, and Delete.
Use Case for Lineage
Lineage supports forensic investigations, such as:
External Sharing Investigation: When a file is shared externally, security analysts can trace its history to determine if the action was intentional or accidental.
Suspicious Activity Investigation: If a user accesses and downloads sensitive information after a password reset, lineage provides detailed insights.
Incident Response: Analysts can determine what actions to take, such as revoking access, quarantining files, or addressing user behaviour.
How to Access Lineage
Enterprise Search: Select the file, click the dropdown, and choose "Lineage."
File View: Expand the file details and navigate to the "Lineage" tab.
Hover and Export Options
Event Description: Hovering over event icons shows a brief description.
Export: Export the entire lineage history, including metadata, to CSV for audit trails and reporting.
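A triage pass over an exported lineage CSV, as an added example that is not Getvisibility code: it orders events in time, applies the colour scheme described above, and reports data sources whose extended events lineage never receives. The column names (timestamp, event_type, data_source, user, external) and the sample rows are assumptions, since this page does not document the export format; treating every event other than external sharing and permission changes as green is also an assumption.

```python
import csv
import io
from datetime import datetime

# Event coverage as listed on this page.
EXTENDED = {"Change Permissions", "Share", "Move", "Copy",
            "Rename", "Upload", "Download"}
LIMITED_SOURCES = {"AWS S3", "SMB", "Dropbox"}  # Create/Modify/Delete only


def risk(event_type, external):
    """Colour per the page's scheme; green for everything else is an assumption."""
    if event_type == "Share" and external:
        return "red"      # external sharing
    if event_type == "Change Permissions":
        return "yellow"   # permission change
    return "green"


def triage(csv_text):
    """Return (flagged events in time order, blind spots per data source)."""
    rows = list(csv.DictReader(io.StringIO(csv_text)))
    rows.sort(key=lambda r: datetime.fromisoformat(r["timestamp"]))
    flagged, blind_spots = [], {}
    for r in rows:
        level = risk(r["event_type"], r["external"].strip().lower() == "true")
        if level != "green":
            flagged.append((r["timestamp"], level, r["event_type"], r["user"]))
        # On a limited source, a missing Share or Download is not evidence
        # that none happened: lineage never receives those events.
        if r["data_source"] in LIMITED_SOURCES:
            blind_spots[r["data_source"]] = sorted(EXTENDED)
    return flagged, blind_spots


# Constructed sample export; the column names are hypothetical.
SAMPLE = """timestamp,event_type,data_source,user,external
2024-05-02T09:15:00+00:00,Share,SharePoint Online,alice@example.com,true
2024-05-01T08:00:00+00:00,Create,SharePoint Online,alice@example.com,false
2024-05-01T10:30:00+00:00,Change Permissions,SharePoint Online,bob@example.com,false
2024-05-03T12:00:00+00:00,Modify,AWS S3,svc-backup,false
"""

if __name__ == "__main__":
    flagged, blind = triage(SAMPLE)
    for event in flagged:
        print(*event)
    for source, missing in blind.items():
        print(f"{source}: no visibility into {', '.join(missing)}")
```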
Data Lineage empowers organisations with real-time visibility, advanced threat detection, and comprehensive forensic capabilities, ensuring sensitive data remains secure and traceable.