General Data Protection Regulation (GDPR) search and replace

The European Union GDPR places strict requirements on data privacy and what personal information can be stored. Ivanti Automation 2019.1 adds Automation data search and replace support that you can use to find and replace stored personal information.

You can use this feature to search for specific strings in Automation data and then replace them with a different string (GDPR right to be forgotten). The replacement string cannot be larger than the original string.

This new functionality supports Microsoft SQL and IBM DB2 database types.

Searching Automation data for personal information

Automation may store personal information in these places:

  • Audit Trail entries
  • Job Results
  • Job Logs (that can be part of a Job Result if you grab a log or have tasks that have output; eg: Create/Manage AD User)
  • Query information (that can be part of a Job Result if you have tasks that query for information; eg: Query AD Users)

To search and replace a string from the Job History view in the Console

  1. In the Console, click Jobs > Job History.
  2. Right-click the Job History, and click GDPR.
  3. In Find What, enter the search string you want and click Search. The search can take a while to run. When the search is done, click the Results button. If there are too many entries for a Job History category, that category will not be expanded. Expand the category folder to see its content.
  4. If the search results match what you want, enter a Replace With string and click Replace All. The string will be replaced with a new one having the same length but having only “*” in its content.

To search for a string in Automation data from the command prompt

  1. Open a command prompt.
  2. Change the directory to the location where the Ivanti Automation Console is installed.
  3. Run the following command, specifying the search results file and the search string you want to look for.

    processor.exe /findInLogs /processedPath="<drive letter>:\<folder path>\<search_results_file>.txt" /searchString="search string"

  4. View the search results.

When you do a search, these files are created:

  • <search_results_file>.Audits (contains the RowGUID from tblAudits in the database where the search string was found
  • <search_results_file>.jobGuids (contains the jobGuid from tblJobsHistory in the database where search string was found)
  • <search_results_file>.logGuids (contains the GUID of the log files referenced in a Job Result where search string was found)
  • <search_results_file>.masterjobGuids (contains the masterJobGuid from tblMasterJobHistory in the database where search string was found)
  • <search_results_file>.queryImageGuids (contains the GUID of a detailed query result in a Job Result where search string was found)
  • <search_results_file>.queryResults (contains the RowGUID of a query result in a Job Result where search string was found)

Replacing personal information

Once you have identified personal information that you want to replace and have done a search for it as described above, use the following command, specifying the replace string you want to use:

processor.exe /replaceInLogs /processedPath="<drive letter>:\<folder path>\search_results_file.txt" /replaceString="replace string"

The replace command relies on the search results files generated by the search command line. Do not execute the replace command until the search step has completed. Verify this in the Windows Task Manager by making sure processor.exe with the search_String argument is no longer present.

After replacing, you can redo a search for the original search string to make sure it has been replaced or to demonstrate that the personal information data is no longer stored.

If you want to see the found information in the Ivanti Automation Console, the data from the .Audits and .masterjobGuids can be used to find the information in the database. Filter by RowGUID in tblAudits and MasterJobGUID in tblMasterJobHistory to see which entry contains the personal information data. That entry can then be opened in the Ivanti Automation Console.

When replacing a string, make sure the new string is no longer than the one being replaced.

Depending on the size of the data to be searched, the search process can require a lot of time and resources from the system used to scan for GDPR personal information data. The replace process should be very quick if the result set is limited.

Replaced data examples

Here are some examples showing information before and after a search and replace.

The screen shots on the left show the information for a Run Book that creates and manages an active directory user named "gdpr test4". The screen shots on the right show that same information after a search for "gdpr test4" was done and then replaced with "**GDPR4**".