General Data Protection Regulation (GDPR) search and replace

The European Union GDPR places strict requirements on data privacy and what personal information can be stored. Ivanti Automation 2019.1 adds Automation data search and replace support that you can use to find and replace stored personal information.

You can use this feature to search for specific strings in Automation data and then replace them with a different string (GDPR right to be forgotten). The replacement string cannot be larger than the original string.

This new functionality supports Microsoft SQL and IBM DB2 database types. Support for MySQL or Oracle can be added based on customer request.

Searching Automation data for personal information

Automation may store personal information in these places:

  • Audit Trail entries
  • Job Results
  • Job Logs (that can be part of a Job Result if you grab a log or have tasks that have output; eg: Create/Manage AD User)
  • Query information (that can be part of a Job Result if you have tasks that query for information; eg: Query AD Users)

To search for a string in Automation data

  1. Open a command prompt.
  2. Change the directory to the location where the Ivanti Automation Console is installed.
  3. Run the following command, specifying the search results file and the search string you want to look for.

    processor.exe /findInLogs /processedPath="<drive letter>:\<folder path>\<search_results_file>.txt" /searchString="search string"

  4. View the search results.

When you do a search, these files are created:

  • <search_results_file>.Audits (contains the RowGUID from tblAudits in the database where the search string was found
  • <search_results_file>.jobGuids (contains the jobGuid from tblJobsHistory in the database where search string was found)
  • <search_results_file>.logGuids (contains the GUID of the log files referenced in a Job Result where search string was found)
  • <search_results_file>.masterjobGuids (contains the masterJobGuid from tblMasterJobHistory in the database where search string was found)
  • <search_results_file>.queryImageGuids (contains the GUID of a detailed query result in a Job Result where search string was found)
  • <search_results_file>.queryResults (contains the RowGUID of a query result in a Job Result where search string was found)

Replacing personal information

Once you have identified personal information that you want to replace and have done a search for it as described above, use the following command, specifying the replace string you want to use:

processor.exe /replaceInLogs /processedPath="<drive letter>:\<folder path>\search_results_file.txt" /replaceString="replace string"

The replace command relies on the search results files generated by the search command line. Do not execute the replace command until the search step has completed. Verify this in the Windows Task Manager by making sure processor.exe with the search_String argument is no longer present.

After replacing, you can redo a search for the original search string to make sure it has been replaced or to demonstrate that the personal information data is no longer stored.

If you want to see the found information in the Ivanti Automation Console, the data from the .Audits and .masterjobGuids can be used to find the information in the database. Filter by RowGUID in tblAudits and MasterJobGUID in tblMasterJobHistory to see which entry contains the personal information data. That entry can then be opened in the Ivanti Automation Console.

When replacing a string, make sure the new string is no longer than the one being replaced.

Depending on the size of the data to be searched, the search process can require a lot of time and resources from the system used to scan for GDPR personal information data. The replace process should be very quick if the result set is limited.

Replaced data examples

Here are some examples showing information before and after a search and replace.

The screen shots on the left show the information for a Run Book that creates and manages an active directory user named "gdpr test4". The screen shots on the right show that same information after a search for "gdpr test4" was done and then replaced with "**GDPR4**".