Scans Settings

Overview
Access Scan Settings
Manage Scan Settings
Manage Agents Settings
Manage Remediation Settings
Manage Updates Settings
Manage Notifications Settings
Manage a Custom Notification
- Create a New Template
Manage Data Retention Settings

Overview

Scans Settings is where you manage your settings for:

Scan Item Number and Load
Target Preferences
Remediation Settings
Policy and Application Updates
Notifications and Custom Notifications
Data Retention

Note: Changes to Settings values are immediate once data is entered into any field.
You may wish to retain a copy of the original settings when making updates if you need to revert back to the previous settings.

Access Scan Settings

To access the Scan Settings screen, use the following steps:

From the left menu, click Settings.
Click Application Settings.
To view sections in the Scans Settings:
1. Click a down arrow to expand a section.
2. Click an up arrow to collapse a section.

Manage Scan Settings

To manage Scan Settings, use the following steps:

Click the down arrow to expand the section.
Fill in the following settings:
1. Minimum Load When Using Distributed Scanning (MB): Enter a minimum scans number in megabytes.
2. Minimum Number of Items When Using Distributed Scanning: Enter a minimum number of items to use.
3. Maximum Load When Using Distributed Scanning (MB): Enter a maximum scans number in megabytes.
4. Maximum Number of Items When Using Distributed Scanning: Enter a maximum number of items to use.
  
  Note: If a distributed scan is not completing when run against a very large data set, you will need to set the thresholds to a minimum of 5 MB and a maximum of 10 MB and run the scan again.
  
  Contact your Customer Success Manager if you have any questions.

Manage Agents Settings

To manage Agents settings:

Click the down arrow to expand the section.

Agent Search Progress Update Intervals: Enter an interval setting.
Keep Agent Activity State History: Select, if applicable.
Automatically Merge Agents Based on: Select all applicable:
1. Disable
2. Hostname
3. Mac Address
4. IP Address
5. All
Inherit Permissions on Targets from Filter/IP Tags: Select, if applicable.

Manage Remediation Settings

Global quarantine configurations for cloud locations are mostly done with the admin accounts.

Note: Global configurations can be overridden by Playbook quarantine locations.

To manage Remediation settings, use the following steps:

Click the down arrow to expand the section.
Synchronize Classification Changes With Targets: Select, if applicable.

Classification Overlay Shape: Select an option from the drop-down list.

Use This Algorithm When Creating File Hashes: Select an option from the drop-down list.
Linux Quarantine File Path: Enter the Linux location to quarantine the files.
1. Format: <dir>/Quarantine_Folder
  1. For example: /home/AdminBob/Quarantine
    1. This entry quarantines all data to the specified Linux folder on the local Agent machine
  2. Mounted machine: mnt/Quarantine
    1. This entry quarantines all data to the specified Linux folder on the specified mounted machine
Note: The file path syntax for Linux and Mac is different from that of Windows. The '\' character in Windows is represented as '/' in Linux/Mac.
Mac Quarantine File Path: Enter the Mac location to quarantine the files.
1. Format: <dir>/Quarantine_Folder
  1. For example: /Users/Admin/Quarantine
  2. This entry quarantines all data to the specified Mac folder on the local Agent machine
Windows Quarantine File Path: Enter the local or remote Microsoft Windows location to quarantine the files.
1. Local Folder Format: <Drive_Letter>:\Quarantine_Folder
  1. For example: C:\ScanData\Quarantine
  2. This entry quarantines all data to the specified drive (C:) Windows folder on the local Agent machine
2. Remote Machine Format: \\<IP_address>\<drive_letter>$\<Folder>
  1. For example: 10.0.2.163\c$\Quarantine
  2. This entry quarantines all data to the specified drive (C:) Windows folder on the specified remote machine
Leave Behind Warning Text Content: Enter a text message that displays on files specifying the reason of quarantine.
Redact Character Replacement: Enter the character you want to use instead of the actual text for redacted information.
Redact all but Last 4: Select, if applicable.

Note: The format of a default quarantine location is <user@domain.com>/<Quarantine_Folder>, <admin account> where user@domain.com is the user account of the cloud location, Quarantine_Folder is the path to the quarantine folder and admin account (optional) is the administrative account and is used to quarantine only the files in the admin account.

For example, the Google Drive quarantine file path can be john.doe@spirion.com/Quarantine.

Global quarantine configurations for cloud locations are mostly done with the admin accounts.
Also, global configurations can be overridden by Playbook quarantine locations.
Amazon S3 Quarantine File Path: Enter the Amazon S3 location to quarantine the files.
1. Format: user@domain.com/Quarantine_Folder
2. This entry quarantines all data in the specified cloud user account to the specified S3 folder
Box Quarantine File Path: Enter one or more box locations to quarantine the files.
1. Format (non-admin): user@domain.com/Quarantine_Folder
  1. This entry quarantines all data in the specified cloud user account to the specified box folder
2. Format (admin-only): OneDrive For Business: user@account.com/Quarantine_Folder,admin@account.com
  1. This entry quarantines only files in the specified admin account to the specified box folder
Dropbox Quarantine File Path: Enter one or more Dropbox locations to quarantine the files.
1. Format: user@domain.com/Quarantine_Folder
  1. For example, john.doe@spirion.com/Quarantine
  2. This entry quarantines all data in the specified cloud user account to the specified Dropbox folder
Microsoft OneDrive Quarantine File Path: Enter one or more Microsoft OneDrive locations to quarantine the files.
1. Format (non-admin):
  1. Microsoft OneDrive: user@domain.com/Quarantine_Folder
    1. This entry quarantines all data in the specified cloud user account to the specified Microsoft OneDrive for Business folder
2. Format (admin-only): OneDrive For Business: user@account.com/Quarantine_Folder,admin@account.com
  1. This entry quarantines only data in the specified admin account to the specified Microsoft OneDrive for Business folder
    Note: To quarantine files to Microsoft OneDrive, the entire location path must be written in lowercase.
Google Drive Quarantine File Path: Enter the Google Drive location to quarantine the files.
1. Format (non-admin): user@domain.com/Quarantine_Folder
  1. This entry quarantines all data in the specified cloud user account to the specified Google Drive folder
2. Format (admin-only): <user@domain.com>/<Quarantine_Folder>, <admin account>
  1. This entry quarantines only data in the specified admin account to the specified Google Drive folder
SharePoint Quarantine File Path: Enter the SharePoint location to quarantine the files.
1. Local Folder Format: <Drive_Letter>:\Quarantine_Folder
  1. For example, C:\SharePointQuarantine
  2. This entry quarantines all data to the specified drive (C:) quarantine folder on the local Agent machine
2. Remote Folder Format: https://<SharePoint_site>/QurantineSite
  1. For example, https://acmedev.sharepoint.com/sites/QuarantineSite
  2. This entry quarantines all data to the specified SharePoint site quarantine folder on the specified remote SharePoint site
Bitbucket Quarantine File Path: Enter the Bitbucket location to quarantine the files.
1. Format (non-admin): user@domain.com/Quarantine_Folder
  1. For example, john.doe@spirion.com/Quarantine.
  2. This entry quarantines all data in the specified cloud user account to the specified Bitbucket folder
2. Format (admin-only): <user@domain.com>/<Quarantine_Folder>, <admin account>
  1. For example, john.doe@spirion.com/Quarantine, john.doeAdmin@spirion.com
  2. This entry quarantines only data in the specified admin account to the specified Bitbucket folder
In the Manage Protection (Authenticated) section:
1. Click Manage.
2. The Manage Protection window opens.
In the Manage Protection window, enter these settings:
1. Admin User Account Name: Enter your admin user account name and click Authenticate.
2. Authentication Code: Enter your authentication code provided from the authentication above in the box.
3. Client ID: (Optional) Enter your unique client ID to be used for authentication.
4. Client Secret: (Optional) Enter your unique client secret to be used for authentication.
5. Tenant ID: (Optional) Enter your tenant ID to be used by the authenticating server.
Click Save to save or Cancel to discard.
Note: If you enter value in any of the optional fields, it is mandatory to add values in the other optional fields as well.
In the Manage Label (Authenticated) section, do the following:
1. Click Manage.
In the Manage Label pop-up window, fill in the following:
1. Admin User Account Name: Enter your admin user account name (user@domain.com) and click Authenticate.
2. Authentication Code: Enter your authentication code provided from the authentication above in the box.
3. Client ID: Enter your unique client ID to be used for authentication.
4. Client Secret: Enter your unique client secret to be used for authentication.
5. Tenant ID: Enter your tenant ID to be used by the authenticating server.
Click Save to save or Cancel to discard.

Manage Updates Settings

Use the following steps to manage your Updates Settings:

Click the down arrow to expand the section.
Check This URL for Policy Definitions Updates: Enter the URL that hosts your Policy Definitions.
Automatically Check for Updates When Resources Page is Loaded for the First Time: Select, if applicable.
Check This URL for Application Updates: Enter the URL that hosts your Application Updates.

Manage Notifications Settings

To manage Notifications Settings:

On the left of the Notifications row, click the down arrow to expand the section.
In the Purge Notifications section, select an option from the "Purge Dismissed Notification After" drop-down list.
In the Custom Notification section, you can manage existing custom notifications or create new ones.

Manage a Custom Notification

To manage custom notifications, use the following steps:

Locate a template in the list.
Use the toggle to change the deployed status.
To manage a template, click the more options menu.
Click Manage.
In the Manage Custom Notification pop-up window, make needed changes.
Click Update to save updates, Cancel to discard updates, or Delete to delete the template.

Note: If you click the Delete button, it immediately deletes the template. There is no undo feature.

Create a New Template

Procedure:

In the Custom Notifications section, click New Template.
In the Create Custom Notification pop-up window, fill in the following:
1. Name: Enter the template name.
2. Subject: Enter a description of the template subject.
3. Active: Use the toggle to change the Active status.
Body: Use the text editor to compose the body of the template.
1. Use the toolbar to format the text and paragraphs, and to insert code and variables as needed.
Click Save to save the template or Cancel to discard.

Manage Data Retention Settings

To manage your Data Retention settings, fill in the following fields:

Audit Data Retention:
- Set the number of years to retain data.
- A minimum of five years is required.
Gather Data Retention:
- Set the number of days to gather data.
- This number must be between 1 and 30 days.
Scan Results Retention:
- Set the number of months to retain scan results.
- This number must be between 1 and 12 months.
Event History - Watcher:
- Set the number months for the Watcher Event History, if applicable.
Activity History:
- Set the number to set the number of months in the Incident History.
- A minimum of 12 months is required.
Search History
- Set the number of months to retain the history of scanned locations when using Differential Scan.
- After this set number of months, search history data is purged (deleted).
- This number must be between 1 and 12 months.

User Guide