Create a New Sensitive Data Scan

 

Overview

What is a Sensitive Data Scan?

  • Scans are the searches that agents perform on endpoints (targets) to find either the file locations (Discovery Scan) or find specific data types (Sensitive Data Scan) within the files and folders

  • Sensitive Data Scans enable you to search for specific data types (social security numbers, telephone numbers, etc) within files and folders at different locations (and take actions on them based on the playbook rule defined for them)

A playbook is a set of rules used to define the action(s) taken when implementing a scan.
For example, a playbook action may be to refer specific data found by a scan to a specific department for review and remediation.

Create a new Sensitive Data Scan

From the Dashboard, navigate to Scans > All Scans.

To create a new Sensitive Data Scan:

1. In the top-right corner of the All Scans screen, click the Add Scan button.

2. On the next screen, fill in the Name and Description. The Description is optional.

 

3. Click Next to proceed, Previous to return to the previous screen, or Exit Without Saving
to discard.

4. On the Select what type of scan to create screen, click Sensitive Data Scan. Select Next.

5. On the Select a Playbook to apply to the scan screen, choose a Playbook from the list.

a. If the playbook you want is not listed, you can use the Search box to search for it.

b. To search for a specific Playbook, type the name of the Playbook in the search box and then select the search icon.

6. Click Next to proceed, Previous to return to the previous screen, or Exit Without Saving
to discard.

7. On the Select the target type to scan, choose a Target type.

 

8. Expand each of these sections for more information on Target types.

Create a Cloud Scan

1. Click the Cloud tile.

2. On the Select which cloud service to scan screen, select and click a cloud platform tile:

  • Dropbox
  • Google Drive
  • box
  • OneDrive for Business
  • amazon S3

3. Select the service and the Select the agent(s) to perform the scan screen opens.

4. From the All On-Prem Agents list, choose the agent(s) you want to use.

a. To expand a section, click the chevron (>) icon.

b. To select an agent, click the arrow next to the agent name. This moves the agent over to the Selected On-Prem Agents field.

c. To check the version of an agent, hover your mouse over the information icon to determine the version of the Agent.

Note:Agent 13, Agent 13.1, Agent 13.2, and Legacy Agents cannot be combined. If you select more than one version of the agents, you get an error message and are prompted to reselect your agents.



d. To remove an agent from the Selected On-Prem Agents field, click the arrow next to an agent name in that field.

5. On the Select Targets(s) to Scan screen, select one or more targets to scan.

1) Expand the section and add a target.

2) To add a target, click the arrow next to its name and move it to the Selected Targets field.

3) To remove a target from the Selected Targets section, click the arrow next to the target name and move it back to the All Targets field.

Note: To create a new Target, see Working with Assets and Targets.

.

6. Click Next to proceed, Previous to return to the previous screen, or Exit Without Saving
to discard.

7. On the Select Which User Accounts Would You Like to Scan screen:

Note: Your cloud source brand is reflected on this screen. However, the screen does not display for amazon S3 cloud services.

  • Search: To search for a User Account, type the name in the box and click the Search icon or click Enter.

  • Input the User Account to add and press Enter: Type the user account name and click Enter.

  • Upload Account List: To upload a list of accounts from your local computer, click the upload icon and locate the file on your local computer.

8. Click Next to proceed, Previous to return to the previous screen, or Exit Without Saving
to discard.

9. On the Select File Type Scan Options screen, select options.

These options are described in Scan Options.

10. If applicable, click the Advanced Optionsbutton in the top right corner of the screen to add additional options. Then click the Basic Options button to return.

11. Click Next to proceed, Previous to return to the previous screen, or Exit Without Saving
to discard.

12. On the Select file type scan options - Advanced Options screen, select options.

These options are described and detailed in Scan Options.

Click Next to proceed, Previous to return to the previous screen, or Exit Without Saving
to discard.

13. On the Select advanced options screen, select from the Advanced Options.

These options are described and detailed in Scan Options.

14. Click Next to proceed, Previous to return to the previous screen, or Exit Without Saving
to discard.

15. On the Select Discovery Team settings screen, select from these options:

Note: This screen only displays when multiple On-Prem agents are selected.

e. Agent 13.0+: Ensure these ports are open.

  • Port 5672: Use these settings:

    • Open for Inbound TCP communication on the Discovery Agent.

    • Open for Outbound TCP communication on ALL. other agents involved in the same scan to the Discovery Agent.

NOTE: This communication is for reading and writing information to the message queue.

  • Port 15672: Use these settings:

    • Open for Inbound TCP communication on the Discovery Agent.

    • Open for Outbound TCP communication on ALL other agents involved in the same scan to the Discovery Agent.

NOTE: This is for the Message Queue Management Interface and API.

f. Agent 13.2+: Ensure these ports are open.

  • Ports 5671 & 5672: Use these settings:

    • Open for Inbound TCP communication on the Discovery Agent.

    • Open for Outbound TCP communication on ALL other agents involved in the same scan to the Discovery Agent.

NOTE: This communication is for reading and writing information to the message queue.

  • Ports 15671 & 15672: Use these settings:

    • Open for Inbound TCP communication on the Discovery Agent.

    • Open for Outbound TCP communication on ALL other agents involved in the same scan to the Discovery Agent.

NOTE: This is for the Message Queue Management Interface and API.

g. Discovery Agent: Select an agent from the drop-down list.

Note: Distributed scans use the assigned discovery agent to conduct location discovery and provide a queue for all other agents to be assigned locations for scanning. While the Discovery Agent can be manually chosen, it is recommended that you use the preferred Discovery Agent.

h. Configure Agent IPs: If your organization requires it, you can set a specific IP address.

1) Click Configure Agent IP's.

2) In the Add New IP Address window, type the new IP address and click the plus (+) icon.

3) Hover over the new IP address options menu and click Make Default.

4) Click Save to apply or Cancel to discard.

i. For Agent 13.0 and legacy Agents, use these options.

1) These options are described and detailed in Scan Options.

16. Click Next to proceed, Previous to return to the previous screen, or Exit Without Saving
to discard.

17. The next screen is Select the scan schedule. Click on Select Date and Time to see how to set the date, time, and /or recurrence for a scan.

18. Click Next to proceed, Previous to return to the previous screen, or Exit Without Saving
to discard.

19. On the Who should receive notification of scan completion screen, select how to send email notifications.

  • I'll Manually Check My Scans Results

  • Send An Email Notification

j. Select a user from the drop-down list. Type an email address in the entry field and click Enter.

k. To add additional email addresses, click the plus (+) icon and type the email addresses in the entry field.

20. Click Next to proceed, Previous to return to the previous screen, or Exit Without Saving
to discard.

21. On the Summary screen, select the chevron (>) to open and review your scan settings.

22. Use a edit icon link to jump to a specific screen to edit a setting.

23. Click Finish & Save to add the new Scan, Previous to return to the previous screen, or Exit Without Saving to discard.

Create a Files & Folders Scan

1. Click the Files & Folder tile.

2. Click a target type. For this example select Local Target.

Create a Collaboration Tools Scan

1. Click the Collaboration Tools tile.

2. Click Next to proceed, Previous to return to the previous screen, or Exit Without Saving
to discard.

3. On the Select the collaboration tool to scan screen, select:

  • SharePoint | SharePoint Online

  • Bitbucket

4. Expand a section for more information.

25. Click Finish & Save to add the new Scan, Previous to return to the previous screen, or Exit Without Saving to discard.

21. Click Finish & Save to add the new Scan, Previous to return to the previous screen, or Exit Without Saving to discard.