License edition: To understand the applicable license editions, see Plans & Pricing.
β Important
The availability of this feature may be limited based on the license type, region, and other criteria. To access this feature, contact your Druva Account Manager or Druva Support.
Overview
Using the Federated Search capability, administrators can quickly find end-user emails that are backed up by inSync. You can search only those emails that are backed up for the following email clients:
Gmail
Exchange Online
πNote
You cannot search emails saved in *.PST. folder. However, you can search PST files using file search.
Following is a list of metadata attributes that inSync indexes for emails:
Email subject
Attachment name for each email
β Important
When you search using keywords in an email address, the last word in the local-part of the email address and the last word in the domain name are not valid search queries. For example, if you search a user - ernie.carter@secure.druva.com, carter in the local-part and com in the domain name are not valid search queries.
Search Emails
Procedure
Click the global navigation icon to access the Global Navigation Panel and select Federated Search. The Federated Search page is displayed.
Select Emails and enter a part or the entire email subject or a part or the entire attachment name in the search box. Use the filters and search operators available for email search to narrow down your search results. Then, click the Search icon.
π‘ Tip
If you have not selected the Match exact words filter, then all words in the search query should at least contain 3 characters. For example, "qu" or "quarterly re" are invalid search queries whereas "qua" or "quarterly rep" are valid search queries.
The filters available for email search are described in the table below.
Filter Name | Description |
From | Search emails from a particular sender. π‘ Tip In this field, you cannot enter names containing spaces. To add names containing spaces, copy the name containing spaces and paste into this field. |
To/CC/BCC | Search emails that were sent to a specific recipient. π‘ Tip In this field, you cannot enter names containing spaces. To add names containing spaces, copy the name containing spaces and paste it into this field. |
Email Sent/Received Between | Search emails that were sent or received between a specific date range. |
Profiles | Search emails created by users associated to a particular profile. Start typing the profile name to view the list of profiles that match your search string. |
Legal Holds π Note | Select the Legal Holds that you want to search. You can select multiple Legal Holds. |
Users | Search emails sent by a particular user. By default, inSync searches emails from all users but if you want to search emails from a specific user, enter the name of the user in this field. |
Custodians
π Note | Select the custodians whose backed up data you want to search. |
Match exact words | Select this check box if you want inSync to match the exact words of your query. For example, if your search query contains 2 characters, select this check box. |
Email(s) with attachment(s) only | Select this check box if you want to search emails that contain only attachments. |
Attachment Type | Search emails that contain the attachment type specified in this filter. |
Search emails without email subject
β Important
This functionality is available only for customers on-boarded after June 8, 2019.
Federated Search enables you to search for emails using different email parameters such as from, to, date when the email was sent, attachment name, and so on. This is useful when you don't know the subject of the email but are aware of any of the email parameters. You can use one or a combination of the following parameters to search an email in inSync:
From: Enter the email ID of the user who had sent the email.
Recipients: Enter the email IDs of the recipients of the email.
Date: Enter the period when the email was sent or received.
Name or SHA1 value: Enter the filenameor the SHA1 hash value of the email attachment that you want to find. Enter the SHA1 hash value in the following format:
checksum:<SHA1>For example:checksum:e575245991980f0f706eabfd16f99a624106b808File Size: Define the range of the size of the file.
Extension: Enter the extension name of the attachment or select the extension name from the drop-down list. You can search for different extension types such as txt, png, mp4, and so on.
Data Source: Select the data source where the email resides.
Profiles: Select the profile that is associated with the user who sent the email.
Users: Select the user who sent the email.
Download Emails
You can download all the emails that are displayed in the search results in EML format for further analysis and review.
Procedure
Search for the emails that you want to download.
Select the emails that you want to download and click Download.
If you select multiple emails, all the selected emails are downloaded in a compressed file format. Following is the file naming convention of the downloaded emails:
SearchResults-<Date stamp>, <Time stamp>.<file extension of the compressed file format>
Delete Emails
Use the Federated Search capability to find and delete malicious or sensitive emails from the data source or from both, data source and snapshot. For detailed information on email deletion, see Defensible Deletion of Files and Emails.
Procedure
Search for the emails.
Select the emails that you want to delete.
Click more options, and then click Delete. You can choose to delete the emails only from the data source or from both data sources and snapshots. Then, click Delete again in the confirmation message.
Delete from Data Source: With this option selected, all the versions of the selected emails are deleted immediately from the active data source (SaaS Apps). However, all the versions of these emails continue to reside in the snapshot (Storage Database) and will be available for search, indexing, and backup. You cannot delete emails for inactive or disabled data sources and the emails that belong to users on legal hold.
Delete from Data Source and Snapshot: With this option selected, all the versions of the selected emails are deleted immediately from the active data source (SaaS Apps) as well as the snapshot (Storage Database). Emails will not be available for search, indexing, and backup. You cannot delete emails for inactive or disabled data sources and the emails that belong to users on legal hold.
π‘ Tip
You cannot undo an email delete action.ββββββ
With the Delete from Source and Snapshot option, you cannot delete emails (Exchange Online and Gmail) for which Data Lock is enabled.
Email Search Results
The search results show a maximum of 1000 results that match your search query. inSync displays the search results progressively; loading the search results while scrolling. Using the Email Result option, upto 20,000 search results in CSV format can be sent to the email address of the administrator who is logged in.
Procedure
Search for emails.
Click Email Results. The search results are emailed to you in CSV format. β
The fields in the CSV file are explained in the following table.
Filter Name | Description |
Time when searched | Displays the date and time stamp when the search query was run. |
Query | Displays the search query that was entered. |
Exact Match, Dates, Types, Attachments, From, Participants, Users, Device Platforms | Each filter is represented in a separate line and it displays the value that you used for each filter. If you have not applied a particular filter then, it displays Not Applied beside that filter name. If you have applied a filter, then the value of the filter is displayed beside the filter name. |
Matches | Displays a numeric value of the number of search results that matched your search query. |
Subject | Displays the subject of the email. |
Attachments | Displays all the attachments of the emails along with attachment name and file size. |
Send/Received Time | Displays the date and time stamp when the email was sent or received. |
From | Displays the email ID of the email sender. |
To | Displays the email ID of the email receiver. |
Cc | Displays the email ID of the person who was CCed in the email. |
Bcc | Displays the email ID of the person who was BCCed in the email. |
User ID | Displays the unique ID of the user. |
User Name | Displays the name of the user associated with the User ID. |
Device ID | Displays the unique ID of the device. |
Device Name | Displays the name of the device where the file is stored. |
Search for users by legal admin
β Important
Legal admin must be assigned to a custom role that has a combination of Legal Hold Management rights > View Legal Hold, Data Governance > Access Federated Search plus any one or all of the following rights - User Management, Deployment Management, Profile Management, Backup and restore management, Data Governance, Alerts and Reports Management, CloudCache Management. Legal administrators get access to profile(s) assigned to them by the cloud administrator and can search and view details of all users mapped to those profile(s) in addition to legal hold users.
If the legal admin has extended rights, they can search and view details of all users mapped to the assigned profile(s) in addition to legal hold users.
Procedure to search and view all users
From the global navigation bar, click Federated Search. The Email Search tab appears.
Select Emails and enter a part or the entire email subject or a part or the entire attachment name in the search box. Select the Data Source as per your requirement. For example, Exchange Online.
Select the All Users option if you want to search and get a view of all users including users on legal hold.
Select the profile from which you want to fetch the users. This field is displayed only for supported user-based SaaS Apps.
Enter the user names whose details you want to view. Click Search.
Procedure to search and view only legal hold users (Custodians)
From the global navigation bar, click Federated Search. The Email Search tab appears.
Select Emails and enter a part or the entire email subject or a part or the entire attachment name in the search box. Select the Data Source as per your requirement. For example, Exchange Online.
Select the Users on Legal Hold option if you want to search and get a view of only users put on legal hold.
Select the legal hold policy from which you want to fetch the users.
Enter the custodian names whose details you want to view. Click Search.
π‘ Tip
The cloud and legal administrators cannot search and view users and their data if user Data Privacy settings are enabled.