Understanding scan results:

Each result record forwarded to LT Auditor-MP represents a single PII match found in a scanned file. A single file may generate multiple result records if it contains multiple types of PII or multiple instances of the same PII type.

Each result record includes:

• File Path — the full path to the file where the match was found
• PII Class — the type of sensitive data detected
• Class Type — the category of the detected class (PII, PHI, Sensitive, Confidential, or Private)
• Timestamp — when the match was detected during the scan
• Agent — the client agent that performed the scan
• Job Name — the scan job that generated the result

Accessing scan results in LT Auditor-MP:

1. Log in to the LT Auditor-MP Web UI
2. Navigate to View in the main navigation menu
3. Select the view configured for PII Scanner data or create a new one:
   • Click Create View
   • Set the Environment to your PII Scanner environment
   • Set the Category to PII Scan Results
   • Set a default date range
   • Click Save
4. The log table populates with PII match records from your scans

Filtering scan results:

Filter by job name:

1. Click Advanced Filters
2. Add a condition:
   • Field — Job Name
   • Operator — Equals
   • Value — the name of the specific scan job
3. Click Apply Filters

Filter by PII class:

1. Click Advanced Filters
2. Add a condition:
   • Field — PII Class
   • Operator — Equals or Contains
   • Value — the class name to focus on (e.g., Social Security Number)
3. Click Apply Filters

Filter by class type:

1. Click Advanced Filters
2. Add a condition:
   • Field — Class Type
   • Operator — Equals
   • Value — PII, PHI, Sensitive, Confidential, or Private
3. Click Apply Filters

Filter by file path:

1. Click Advanced Filters
2. Add a condition:
   • Field — File Path
   • Operator — Starts With or Contains
   • Value — the directory path to focus on
3. Click Apply Filters

Filter by agent:

1. Click Advanced Filters
2. Add a condition:
   • Field — Agent
   • Operator — Equals
   • Value — the hostname of the agent that performed the scan
3. Click Apply Filters

Interpreting scan results:

When reviewing results focus on the following questions:

Is the sensitive data in an expected location? PII found in designated access-controlled directories is expected. PII found in unexpected locations — a public share, a developer’s working directory, or a temporary folder — requires immediate attention and remediation.

Is the class type appropriate for the location? PHI in a healthcare application directory may be expected. PHI in a general file share is not. Review whether the type of sensitive data found makes sense for the location it was discovered in.

How many files are affected? A single match in one file is very different from hundreds of matches across many files. Use grouping and aggregation in LT Auditor-MP reports to understand the scale of findings across a scan.

Viewing full result details:

1. Click on any result row in the log table
2. The detail panel opens and displays:
   • File Path — full path to the affected file
   • PII Class — the type of sensitive data detected
   • Class Type — PII, PHI, Sensitive, Confidential, or Private
   • Timestamp — when the match was detected
   • Agent — which client agent found the match
   • Job Name — which scan job generated the result
   • Raw Log — the original forwarded syslog record
3. Click Close to return to the results table

Identifying false positives:

Not every match represents a genuine sensitive data finding. Some regex patterns may produce false positives — matches that technically satisfy the pattern but do not represent real sensitive data. Use the file path and raw log context to validate whether a match represents actual sensitive data before acting on it.

If a PII class is consistently generating false positives:

1. Navigate to PII Classes in the PII Scanner Server web interface
2. Review and tighten the regex pattern for the relevant class
3. Consider disabling the class temporarily if the false positive rate is too high to manage

Acting on scan results:

When genuine sensitive data is found in an unexpected or unauthorized location:

1. Document the finding:

• Export the relevant results from LT Auditor-MP as PDF or CSV
• Note the file path, PII class, class type, scan date, and agent

2. Assess the risk:

• Determine who has access to the location where the sensitive data was found
• Review access logs in LT Auditor-MP to determine whether the file has been accessed recently
• Assess whether the finding represents a compliance violation that must be reported

3. Remediate:

• Work with the file owner or relevant department to relocate, encrypt, or delete the sensitive file
• Review and update access controls on the affected location
• Run a follow-up on-demand scan of the same path after remediation to confirm the sensitive data has been successfully addressed

4. Report:

• If the finding represents a compliance violation follow your organization’s incident response and breach notification procedures
• Retain scan results and remediation records as evidence for compliance audits

[Your administrator should define a standard remediation workflow for PII findings and ensure all team members know how to follow it.]

Generating PII scan reports in LT Auditor-MP:

For compliance documentation and management reporting, generate structured reports from PII scan results:

1. Navigate to Report in the LT Auditor-MP Web UI
2. Click Create Report
3. Configure the report:
   • Environment — PII Scanner environment
   • Category — PII Scan Results
   • Date Range — the period to cover
4. Under Columns include:
   • File Path
   • PII Class
   • Class Type
   • Timestamp
   • Agent
   • Job Name
5. Under Grouping consider grouping by:
   • PII Class — to see a breakdown of finding types
   • Class Type — to distinguish PII from PHI and other categories
   • File Path — to identify the most affected locations
6. Click Save and then Generate Report
7. Download the report as PDF for audit submission or CSV for detailed analysis

Setting up alerts for PII findings:

Configure LT Auditor-MP to alert your team when PII matches are detected during a scan:

1. Navigate to Manage in the LT Auditor-MP Web UI
2. Select the PII Scanner environment and category
3. Click Add Filter
4. Configure the filter:
   • Filter Name — e.g., PHI Finding Alert
   • Condition — Class Type Equals PHI
   • Action — Alert
   • Recipients — your security or compliance team email addresses
5. Click Save and set to Active

[Your administrator should configure alerts for each sensitive class type relevant to your compliance obligations — at minimum PHI for HIPAA environments and PII for GDPR environments.]

Best practices:

• Review scan results promptly after each scan completes — sensitive data findings should not sit unaddressed
• Use the Class Type filter to prioritize PHI and PII findings for immediate investigation before reviewing Sensitive and Confidential findings
• Validate matches using the file path and raw log context before acting — not every match is a genuine sensitive data finding
• Export and retain scan results as part of your compliance evidence library
• Run a follow-up on-demand scan after remediation to confirm sensitive data has been successfully removed from the affected location
• Track remediation progress for all findings to demonstrate to auditors that your organization acts on data discovery results
• Set up alert rules in LT Auditor-MP for PHI and PII class type findings so your team is notified promptly rather than discovering findings during a scheduled review

[Your administrator should establish a regular cadence for reviewing accumulated scan results in LT Auditor-MP as part of an ongoing data governance review process.]