When setting up include or exclude filters for various DLP discover scans, you've seen or been told that you must use the greater than (>) operator, however you cannot find any definitive information in the built-in help information or online documentation. How do you use the greater than operator? In what cases, if any, is it required?
The greater than (>) symbol is used to define either a range of machines or a specific change to the scanned path or files (or a combination of both). For example, the following line would tell the scan you've used it in to only scan machines from 192.168.0.1 to 192.168.0.254:
>192.168.1.0/24
Also using the greater than symbol to narrow scans on specified hosts. For example, this filter would tell DLP to scan only .txt files on the specified host:
>192.168.0.9,*.txt
You cannot, however, combine two different scan filters. The following filter, while seeming logical, doesn't work as expected:
>192.168.0.2,*.txt,>192.168.0.3,*.doc
DLP will scan both hosts for .txt and .doc files, despite being set up to only scan .txt files on one and .doc files on another. If you have two or more machines that you wish to scan different files on (such as .txt on one, .doc on another), you must issue two scans.
If you have two or more machines that you want to only want to scan, say, .txt files, enter each computer's information with a greater than sign before each machine, like this example:
>192.168.0.2,>155.155.22.33,*.txt
While using the greater (>) than symbol before each host will be a list of individual hosts, it is strongly recommended to only use them in cases where you need to filter the search parameters or specify a range of machines to scan, as not being consistent will the usage will result in machines being skipped that were intended to be scanned.