ACT Data Sorting and Triaging

The Synapse ACT determines which flagged entities require further investigation or action. In general, we are most concerned about entities that are publicly available that have unintentionally become unrestricted or uncontrolled. Please reference the use case tables below to identify when it is necessary to reach out to a Project Lead or Synapse user. Project Leads are as follows (as of December 2021Oct 2022)*:

Change of State Audit Use Cases

| Use Case | Why is this needed? | Action Needed |
| --- | --- | --- |
| AR/Click-wrap (controlled/restricted) was removed from a public entity/project (this query should only include public entities in public projects). | Audit for security to ensure there have been no accidental breaches or loss of data. | Sort through Jira tickets to see whether this was accounted for. Otherwise reach out to the Community Manager. For scenarios where the entity/project is not linked to a Sage-managed Synapse Community, please reach out to the Synapse Security Engineer for further investigation before contacting external Synapse users. The Synapse Security Engineer should investigate whether the flagged entity contains local access settings, indicating that the entity's access settings were not unintentionally acquired from the parent folder/project. If it seems that an entity's access settings were inherited accidentally, ACT should reach out to the project owner. |
| File switched to public and then back to private AND there is an access change to a less restrictive state than the original public file. | Audit for security to ensure there have been no accidental breaches or loss of data. | If the file was public for more than a day, investigate whether data was downloaded. If the data was downloaded during this time, reach out to the Community Manager. |
| Sage employee's test project is public. | Internal QA | Reach out to Community Manager (or the project owner if it is not associated with a community) to see whether the owner can make the entity private. |
| AR/click-wrap was added AND the project or entity was made public. | Internal QA | Do not reach out to Community Manager, but ACT should ensure that the project is listed in the Conditions for Use Synapse page. |

MD5 Audit Use Cases

| Use Case | Query Information Need | Why is this needed? | Action Needed |
| --- | --- | --- | --- |
| Instances where a restricted/controlled entity is copied and the resulting public duplicate is less restricted/controlled (regardless of whether the source entity was public). | Date of event. For both source and duplicates we will need: Project: synID, name. Entity: synID, name, created by, last modified by, controlled status (was/is controlled), restricted status (was/is restricted), public/private. Potential follow-up: if a breach is discovered, we will need any downloaders after the date at which the AR/click-wrap was removed (so we can contact them). | Audit for security to ensure that any duplicated files are under the correct access requirements. | Reach out to Community Manager. Reach out to Synapse Security Engineer if there is no Sage Community Manager associated with the project/entity. |
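
One way to express the MD5 audit use case above as a check over an exported entity list. This is an added example, not the ACT's own tooling: the record fields and sample rows are constructed assumptions, it compares current access status only, and it treats any earlier-created entity with the same MD5 as a possible source.

```python
from collections import defaultdict

# Constructed sample export. Field names are assumptions modeled on the
# "Query Information Need" column, not a real Synapse schema.
ROWS = [
    {"entity": "syn101", "project": "syn100", "md5": "md5-A", "created": "2021-03-01",
     "controlled": True, "restricted": True, "public": False},
    {"entity": "syn201", "project": "syn200", "md5": "md5-A", "created": "2022-06-15",
     "controlled": False, "restricted": True, "public": True},    # public copy, controlled status dropped
    {"entity": "syn301", "project": "syn300", "md5": "md5-A", "created": "2022-07-01",
     "controlled": False, "restricted": False, "public": False},  # weaker but private
    {"entity": "syn401", "project": "syn400", "md5": "md5-B", "created": "2021-05-01",
     "controlled": False, "restricted": True, "public": True},
    {"entity": "syn402", "project": "syn400", "md5": "md5-B", "created": "2022-02-02",
     "controlled": False, "restricted": True, "public": True},    # same requirements
]

def dropped_requirements(src, dup):
    """Access requirements the source carries that the copy does not."""
    return [k for k in ("controlled", "restricted") if src[k] and not dup[k]]

def flag_weaker_public_duplicates(rows):
    """Return one finding per (source, public duplicate) pair with a dropped requirement."""
    by_md5 = defaultdict(list)
    for row in rows:
        by_md5[row["md5"]].append(row)
    findings = []
    for md5, group in by_md5.items():
        group.sort(key=lambda r: r["created"])  # ISO dates sort lexically
        for i, dup in enumerate(group):
            if not dup["public"]:
                continue  # only public duplicates are in scope for this audit
            for src in group[:i]:  # the source's own public/private state is ignored
                dropped = dropped_requirements(src, dup)
                if dropped:
                    findings.append({"md5": md5, "source": src["entity"],
                                     "duplicate": dup["entity"],
                                     "duplicate_project": dup["project"],
                                     "dropped": dropped})
    return findings

if __name__ == "__main__":
    for f in flag_weaker_public_duplicates(ROWS):
        print(f)
```

Each finding names the source, the public duplicate and the dropped requirement, which is the minimum needed to start the Community Manager or Synapse Security Engineer follow-up listed in the table.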

...

For Top Downloader Data, the Synapse Governance Team should review the 20 top downloaders and reach out to them directly if an issue is suspected.

Example Email:

Your Synapse account has been identified during a routine Synapse audit as having accessed a large number of files in the last six months. This activity may be expected due to how you use Synapse, or may be the result of a compromised or shared account. 

Please reply to this email message to confirm that you are not aware of a breach of your Synapse credentials and that you have not shared them with anyone else.

Ensure that you document Community Manager and Synapse User responses within the respective audit data export doc to track which flagged entities are problematic and which are not.

...