Figure 142: eDiscovery folders list page
Download | Select to save the selected folder and the contained search results. The saved information can be shared with a third party. | |
Run Now | Select to refresh the search tasks in a selected folder. This will update the email lists in the search tasks. | |
Clone | Select to duplicate a folder to use as a basis for creating a new one. | |
Folder Name | The names of the eDiscovery folders that you create. For more information, see “To create eDiscovery folders:”. Select the arrow beside a folder name to display the task names of the search results saved in the folder. For more information, see “Task Name”. Select a task name to view the email list. See “To view a search task:”. | |
Creation Date | The date and time when the folder and search tasks were created. | |
Search Results | Each eDiscovery folder displays the number of search results contained in it. Each search task displays the number of email extracted based on the search criteria. See “To search email:”. | |
Size (bytes) | The size of the folders and search tasks. This column also displays the status of search results: • Completed: Search is completed and results are available for viewing. • Incomplete: Search was interrupted by a system shutdown. • Running: Search is in progress. • Pending: Search is queued and will run once other searches are completed. • Quota Exceeded: Search was stopped because the disk quota has been exceeded. | |
Device | Select the FortiGate unit of which you want to search the archived email. | |
Timeframe | Select the time period for the email that you want to search. If you select Specify, enter the start and end time. | |
From | Enter the sender’s email address that you want to search. This can be a full or partial email address. | |
To | Enter all or part of the recipient’s email address. For multiple recipients, enter any one of the recipients, or enter multiple recipient addresses in the order that they appear in the email address field, separated by a comma (,) and a space, such as: user1@example.com, user2@example.com | |
Subject | Enter all or part of the subject line of the email message. | |
Message Contains | Enter all or part of a word or phrase in the email message. | |
Save to Folder | If you want to save the search results, select a folder. If you do not want to save the search results, select Don’t Save. If you want to create a new folder for the search results, select Create New, enter a folder name and select OK. | |
Task Name | Enter a unique name for this search task. Such a name will help you identify a particular search result in a folder. For more information, see “Folder Name”. This field appears only if you selected a folder in the Save to Folder field. | |
Description | Enter a note to describe the task name. For more information, see “Description”. This field appears only if you selected a folder in the Save to Folder field. | |
Task name | The name of this search task. For more information, see “Task Name”. | |
Description | The note for this task. For more information, see “Description”. | |
Device | The serial number(s) of the FortiGate unit(s) of which you have searched the archived email. For more information, see “Device”. | |
Timeframe | The date and time when the search task was created. | |
SHA1 | The SHA1 digest for this search task. When a search result is downloaded to an external device, the SHA1 digest calculated on the downloaded file must match this digest in order to prove that the search result was not tampered with since leaving the FortiAnalyzer unit. | |
MD5 | The MD5 digest for this search task. When a search result is downloaded to an external device, the MD5 digest calculated on the downloaded file must match this digest in order to prove that the search result was not tampered with since leaving the FortiAnalyzer unit. | |
Last Activity | The date and time that the FortiAnalyzer unit received the email from the FortiGate unit. | |
From | The sender’s email address that was searched. This can be a full or partial email address. | |
To | The recipient’s email address that was searched. This can be a full or partial email address. | |
Subject | The subject line of an email. The email list can display full and/or summary email archives. Summary email archives contain only email messages with summary metadata. Full email archives contain both the summary and a hyperlink to the associated archived message. For example, if the FortiAnalyzer unit has a full email archive for an email message, the subject column of the email contains a link that enables you to view the email message. If the FortiAnalyzer unit has only a email archive summary, the subject column does not contain a link. A full or summary email archive varies by: • whether the FortiGate unit is configured to send full email archives • whether the content satisfies email archiving requirements • whether the FortiAnalyzer unit has the file or message associated with the summary email message (that is, full email archives do not appear if you have deleted the associated message) For more information about requirements and configuration of DLP archiving, see the FortiGate Administration Guide. | |
Size | The size of the email message. | |
Attachment icon | If an email has an attachment, this icon appears. | |