DATA RECON 2.0.25
Databases
Databases can be scanned in two ways:
File-based Scan
(Not recommended) The data storage files of a database can be scanned directly. Performing a Local Storage scan on a database server automatically picks up data storage files and scans them for sensitive data.
Scanning data storage files may run into the following issues:
- Matches from ghost records or slack space may be found, instead of only data that can be queried from the database.
- The data storage files may be locked by a database that is running.
To avoid these issues, perform a live database scan.
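The difference between the two scan types can be reproduced on a small scale. The following is an added example, not part of DATA RECON or its documentation: it uses SQLite (not one of the supported databases, chosen here only because it runs without a server) to delete a row, then compares what a query returns with what a raw read of the storage file still contains. The table, column names and card number are constructed sample values.

```python
import os
import sqlite3
import tempfile

TEST_PAN = "4111111111111111"  # constructed sample value (well-known test card number)


def scan_after_delete(secure_delete: bool) -> dict:
    """Delete a row, then compare a live query with a raw scan of the storage file."""
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "customers.db")
        con = sqlite3.connect(path)
        # Set explicitly: the default for secure_delete depends on how SQLite was built.
        con.execute(f"PRAGMA secure_delete = {'ON' if secure_delete else 'OFF'}")
        con.execute("CREATE TABLE customers (id INTEGER PRIMARY KEY, name TEXT, pan TEXT)")
        con.executemany(
            "INSERT INTO customers (name, pan) VALUES (?, ?)",
            [("alice", "0000000000000000"), ("bob", TEST_PAN), ("carol", "0000000000000001")],
        )
        con.commit()

        con.execute("DELETE FROM customers WHERE pan = ?", (TEST_PAN,))
        con.commit()

        # Live scan: only rows the engine will still return.
        live = con.execute(
            "SELECT COUNT(*) FROM customers WHERE pan = ?", (TEST_PAN,)
        ).fetchone()[0]
        con.close()

        # File-based scan: every byte of the storage file, including freed space.
        with open(path, "rb") as fh:
            raw = fh.read()
        return {"live_matches": live, "file_matches": raw.count(TEST_PAN.encode())}


if __name__ == "__main__":
    for mode in (False, True):
        print(f"secure_delete={mode}: {scan_after_delete(mode)}")
```

With secure_delete off, the deleted value is still in the file even though no query returns it, which is the kind of match a file-based scan reports and a live scan does not.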
Live Database Scan
A live database scan is run by querying the database directly to search for sensitive data.
Supported Databases and Requirements
The following databases are supported:
Database | Requirements |
---|---|
MySQL | |
Microsoft SQL Server 2005 and above | |
PostgreSQL 9.5 and above | |
Oracle Database 9 and above | |
IBM DB2 11.1 and above | |
Sybase/SAP Adaptive Server Enterprise (ASE) 15.7 and above | |
Remediating Matches
DATA RECON does not modify data in the databases it scans. As a result, direct remedial action is unavailable for matches found in a live database scan.
You can, however, mark matches for manual remedial action. See Remediating and Marking Matches for more information.
Add Credentials
Your database credentials must have SELECT (data reader) access to the database resources to be scanned.
To add credentials for a database search location, click on No usernames or passwords:
In the Search target credentials dialog box:
- Click + Add and select one of the following:
  - MySQL
  - Oracle
  - Microsoft SQL
  - IBM DB2
  - PostgreSQL
  - Sybase
- Fill in the following fields:
  - Target location: Enter the database server hostname.
  - Username: Enter your user name.
  - Password: Enter your password.

  Credentials are only saved if:
  - Search configuration is saved. See Save and Load Options for more information.
  - The results database is saved. See Setting Results Database Options for more information.
- (Optional) Under Encrypt credentials, enter a master password to encrypt stored credentials.
- Click Ok.
Add Databases to Search Locations
In the main menu, click Search all local files:
In the Search targets dialog box:
- Click + Add.
- Select Databases.
- Select one of the following and click + to expand the selection:
  - MySQL
  - Oracle
  - Microsoft SQL
  - IBM DB2
  - PostgreSQL
  - Sybase
- In the Add database server field, enter the database server host name as hostname[:port].
  Specify a port if the database server is not using a default port. For more options, see Database Connection Options below.
- Press Enter to add the specified database server as a search location.
- (Optional) Click + to expand the added database server and select specific resources to scan.
- Click Select and then Ok to finish adding the location.
Database Connection Options
Database | Connection Options |
---|---|
Oracle Database |
Connect using a fully qualified domain name (FQDN)
When adding an Oracle Database as a search location, you may need to enter the FQDN of the database server instead of its host name.
Oracle 12x/TNS: protocol adapter error
If you are using Oracle 12x, or if the Oracle database displays a "TNS: protocol adapter error", you must specify a SERVICE_NAME. Add the service name to the database server host name:
For example:
|
Microsoft SQL Server |
Scan a specific SQL Server instance (where multiple are running):
For example:
|
Sybase/SAP ASE |
Scan a specific Sybase instance (where multiple are running):
For example:
|