Lineage

Overview of Lineage

Data Lineage in Getvisibility provides a comprehensive view of a file's lifecycle, tracking its origin, movement, transformation, and usage. This enhances security, compliance, and forensic investigations by offering end-to-end visibility into data activities.

Traditional data monitoring provides static snapshots, which quickly become outdated, especially for large datasets. Real-time lineage addresses this by:

  1. Reducing Dependency on Rescans: Once streaming is enabled, changes are captured instantly.

  2. Improving Visibility: Organizations can see data movements in near real-time.

  3. Enabling Faster Incident Response: Security teams can quickly assess and respond to threats.

Use Cases

Data Lineage was developed to enable forensic investigations, ensuring organisations can:

  1. Investigate Incidents: Identify the root cause of security incidents, such as data breaches or unauthorised sharing.

  2. Enhance Compliance: Maintain audit trails for regulatory requirements.

  3. Support Risk Mitigation: Quickly respond to suspicious activities and apply appropriate remediation actions.

Pre-Requisites to See Lineage

  1. Connection to Each Data Source: Ensure that each Data Source to be monitored has been configured in Getvisibility.

  2. Enabling Streaming: Activate real-time event streaming for each connector.

  1. From Enterprise Search: Select a file and click on "Lineage" in the dropdown.

  2. From Open Risks: Identify a flagged file and expand the side menu.

Lineage UI Explanation

Filters:

  • Event Type (Create, Modify, Delete, Share, Move, etc.)

  • Data Source

  • User Activity

Export:

  • Export lineage details to CSV for auditing and reporting.

Color Scheme:

  • Green: Normal activity

  • Yellow: Medium-risk events (e.g., permission changes)

  • Red: High-risk events (e.g., external sharing)

Description of the Lineage Screen

Lifecycle: Displays the complete lifecycle of a file from creation to current state.

Event Timeline: Chronological list of all file-related actions.

User & Device: Shows which users and devices interacted with the file.

File Path: Original and current locations of the file.

List of Events Supported by Each Data Source

Common Events:

  • Create

  • Modify

  • Delete

Extended Events (via Audit Logs):

  • Change Permissions

  • Share

  • Move

  • Copy

  • Rename

  • Upload

  • Download

Data Source Specifics:

  • Google Drive: Audit log events available.

  • Azure (SharePoint Online, OneDrive, Blob, Files): Audit log events supported.

  • Box & Confluence: Extended events available in regular logs.

  • AWS S3, SMB, Dropbox: Limited to Create, Modify, and Delete.
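The coverage list above matters when reading an exported lineage history: for AWS S3, SMB and Dropbox, the absence of a Share or Download event does not mean none occurred. The following is an added example, not Getvisibility code, that triages a constructed CSV export by the color scheme and reports those blind spots; the column names and the choice to treat every Share row as high risk are assumptions.

```python
import csv
import io

COMMON = {"Create", "Modify", "Delete"}
EXTENDED = {"Change Permissions", "Share", "Move", "Copy", "Rename", "Upload", "Download"}
# Sources the page lists as limited to Create, Modify and Delete.
LIMITED_SOURCES = {"AWS S3", "SMB", "Dropbox"}
# Triage levels follow the page's color scheme examples. Treating every Share
# row as red is an assumption (the page's example is external sharing).
RISK = {"Share": "red", "Change Permissions": "yellow"}

# Constructed sample export; column names are assumed, not the product's schema.
SAMPLE_CSV = """timestamp,event_type,data_source,user,path
2024-05-01T09:00:00Z,Create,Google Drive,alice,/finance/q1.xlsx
2024-05-01T09:30:00Z,Change Permissions,Google Drive,alice,/finance/q1.xlsx
2024-05-01T10:05:00Z,Share,Google Drive,bob,/finance/q1.xlsx
2024-05-02T08:00:00Z,Create,AWS S3,svc-backup,/bucket/q1.xlsx
2024-05-02T08:10:00Z,Modify,AWS S3,svc-backup,/bucket/q1.xlsx
"""

def load_events(csv_text):
    """Parse the export and return rows in chronological order."""
    rows = csv.DictReader(io.StringIO(csv_text))
    return sorted(rows, key=lambda r: r["timestamp"])

def supported(source):
    """Event types lineage can show for a data source, per the list above."""
    return COMMON if source in LIMITED_SOURCES else COMMON | EXTENDED

def flagged(events):
    """Return (timestamp, level, event_type, user) for yellow and red events."""
    return [(e["timestamp"], RISK[e["event_type"]], e["event_type"], e["user"])
            for e in events if e["event_type"] in RISK]

def blind_spots(events):
    """Map each source in the export to event types it cannot report."""
    gaps = {}
    for source in {e["data_source"] for e in events}:
        missing = (COMMON | EXTENDED) - supported(source)
        if missing:
            gaps[source] = sorted(missing)
    return gaps

if __name__ == "__main__":
    events = load_events(SAMPLE_CSV)
    for row in flagged(events):
        print(*row)
    for source, missing in blind_spots(events).items():
        print(f"{source}: lineage cannot show {', '.join(missing)}")
```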

Use Case for Lineage

Lineage supports forensic investigations, such as:

  1. External Sharing Investigation: When a file is shared externally, security analysts can trace its history to determine if the action was intentional or accidental.

  2. Suspicious Activity Investigation: If a user accesses and downloads sensitive information after a password reset, lineage provides detailed insights.

  3. Incident Response: Analysts can determine what actions to take, such as revoking access, quarantining files, or addressing user behaviour.

How to Access Lineage

  1. Enterprise Search: Select the file, click the dropdown, and choose "Lineage."

  2. File View: Expand the file details and navigate to the "Lineage" tab.

Hover and Export Options

  1. Event Description: Hovering over event icons shows a brief description.

  2. Export: Export the entire lineage history, including metadata, to CSV for audit trails and reporting.

Data Lineage empowers organisations with real-time visibility, advanced threat detection, and comprehensive forensic capabilities, ensuring sensitive data remains secure and traceable.
