Enterprise Recon 2.12.0
Start a Scan
This section covers the following topics:
Overview
This section assumes that you have set up and configured Targets to scan. See Scan Locations (Targets) Overview.
Start a scan from the following places in the Web Console:
- Dashboard.
- Targets page. See Scan Locations (Targets) Overview.
- Schedule Manager. See View and Manage Scans.
- New Scan page.
How To Start A Scan
- Log in to the ER2 Web Console.
- Navigate to the Select Locations page by clicking on:
- Scans > New Scan, or
- the New Scan button in the
Dashboard,
Targets, or
Scans > Schedule Manager page.
-
On the Select Locations page, select Targets to scan from the list of Targets and click Next.
To add Targets not listed in Select Locations, see Add Targets.In the Select Locations page, you can:
- browse and select the contents of Targets listed to add as scan locations. For details, see Probe Targets.
- search and/or filter Targets and Target groups to include in your scans. For details, see Search for Targets and Target Groups.
- On the Select Data Types page, select the Data Type Profiles to be included in your scan and click Next.
- On the Set Schedule page, configure the parameters for your scan and click Next. See Set Schedule for more information.
- On the Confirm Details page, review the details of the scan schedule, and click Start Scan to start the scan. Otherwise, click Back to modify the scan schedule settings.
Your scan configuration is saved and you are directed to the Targets page. The Target(s) you have started scans for should display Searched x.x% in the Searched column to indicate that the scan is in progress.
Set Schedule
The Set Schedule page allows you to configure the following optional parameters for your scan:
Schedule Label
Enter a label for your scan. ER2 automatically generates a default label for the scan. The label must be unique, and will be displayed in the Schedule Manager. See View and Manage Scans.
Scan Frequency
Decide whether to Scan Now, or to Schedule a future scan.
To schedule a scan:
- Select Schedule.
- Select the start date and time for the scan.
- (Optional) Set the scan to repeat by selecting an option under How Often?.
When scheduling a future scan, you can set a Time Zone. The Time Zone should be set to the Target host's local time. Setting the Time Zone here will affect the time zone settings for this scheduled scan only.
Selecting the "Default" Time Zone will set the scan schedule to use the Master Server local time.
Daylight Savings Time
When setting up a scan schedule, Time Zone settings take into account Daylight Savings Time (DST).
-
On the start day of DST, scan schedules that fall within the skipped hour are moved to run one hour later.
On the start day for DST, a scan that was scheduled to run at 2:00 am will start at 3:00 am instead. -
On the end day of DST, scan schedules that fall within the repeated hour will run only during one occurrence of the repeated hour.
Set Notifications
To set notifications for the scan:
- Select Notify.
- Click + Add Notification.
- In the New Notification dialog box:
- Select Users to send alerts and emails to specific users.
- Select Email Address to send email notifications to specific email
addresses.
- Select Users to send alerts and emails to specific users.
- Under Notification Options, select Alert or Email for the event to send notifications for when the event is triggered. Only the Email options are available if Email Addresses is selected in Step 3.
- Click Save.
See Notification Policy for more information.
Advanced Options
Configure the following scan schedule parameters in Advanced Options:
- Automatic Pause Scan Window
- Limit CPU Priority
- Limit Search Throughput
- Enable Scan Trace Logs
- Capture Context Data
- Match Detail
- Partial Salesforce Object Scanning
- Enable Bulk Download for Cloud Target Scans
Automatic Pause Scan Window
Set scan to pause during the scheduled periods:
- Pause From: Enter the start time (12:00 am - 11:59 pm)
- To: Enter the end time (12:00 am - 11:59 pm)
- Pause on which days?: Select the day(s) on which the scan is paused. If no days are selected, the Automatic Pause Scan Window will pause the scheduled scan every day between the times entered in the Pause From and To fields.
If a Time Zone is set, it will apply to the Automatic Pause Scan Window. If no Time Zone is set, the Time Zone menu will appear under How Often?, allowing the user to set the time zone for the scan. See Scan Frequency above for more information.
Limit CPU Priority
Sets the CPU priority for the Node Agent used.
If a Proxy Agent is used, CPU priority will be set for the Proxy Agent on the Proxy Agent host.
The default is Low Priority to keep ER2's resource footprint low.
Limit Search Throughput
Sets the rate at which ER2 scans the Target:
- Limit Data Throughput Rate: Select to set the maximum disk I/O rate at which the scanning engine will read data from the Target host. No limit is set by default.
-
Set memory usage limit: Select to set the maximum amount of memory the scanning engine can use on the Target host. The default memory usage limit is 1024 MB.
If you encounter a "Memory limit reached" error, increase the maximum amount of memory the Agent can use for the scan here.
Enable Scan Trace Logs
Select Enable Scan Trace to capture detailed scan trace messages when scanning a Target. See Scan Trace Logs for more information.
Capture Context Data
Select to include contextual data when displaying matches in the Match Inspector. See Remediation.
Match Detail
For each scan schedule, ER2 balances the amount of information stored for each match location in terms of match details, contextual data and metadata.
While the default Match Detail setting is workable in most scenarios, sometimes there may not be sufficient match information captured for ER2 to safely perform "Masking" remediation on all matches within a given file. In such scenarios, ER2 will not proceed with the "Masking" remediation process.
From ER 2.0.30, you have control over the quantity of match information captured for each scan with the Match Detail setting to suit your scanning and remediation needs.
Setting | Description |
---|---|
View less match detail per file across a larger quantity of files |
|
Balances quantity of files and match detail in each file |
|
View the maximal detail per file across a smaller number of files |
With the View the maximal detail per file across a smaller number of files option, you can maximize the match information stored for each file to successfully perform "Masking" remediation on match locations.
|
All other remediation options including Delete Permanently, Quarantine and Encrypt File will also continue function as designed.
Partial Salesforce Object Scanning
The Partial Salesforce object scanning parameter lets you specify the maximum number of records per Salesforce object to be scanned for each scan schedule.
See Salesforce - Partial Salesforce Object Scanning for more information.
Enable Bulk Download for Cloud Target Scans BETA
The Enable bulk download for cloud target scans (BETA) parameter allows bulk download of files for supported cloud Targets.
Cloud Targets that support this feature are:
-
This feature is currently in BETA stage. When the Enable Box Bulk Download parameter is selected, scan results in Box Targets may report Inaccessible Locations. We strongly recommend using the feature in test environments as there may be other limitations associated with its usage.
Search for Targets or Target Groups
You can quickly filter, search, and select Targets and Target groups to include in your scans.
In the Select Locations page, when starting a new or modifying a scheduled scan, use the following functionalities:
Functionality | Description |
---|---|
(A) Search filter criteria |
From the dropdown, select Targets, Groups, or All (default value) to specify whether to search for Targets, Target groups, or both. To update results, click Search. |
(B) Name/keyword search bar | In the search bar, enter keyword(s) for your search.
|
(C) Target type filter | From the Filter Target Type dropdown, select the Target type(s)
to include in the results.
|
(D) Reset button |
Click Reset to remove all search keywords and filters. Resetting clears the search bar, clears the selection for the Target type filter, and reverts the search filter criteria dropdown to the default "All" value. |
Probe Targets
You can probe Targets to browse and select specific Target locations to scan when adding a new Target.
Requirements
Make sure that:
- The Master Server is running ER 2.0.21 or above. See Update ER2.
- The version of the Node or Proxy Agent assigned to the Target is 2.0.21 or above. For details on how to install or update the Agent, see Agent Admin.
- The Target host and the Node or Proxy Agent assigned to the Target are running and connected to the network.
To Probe Targets
- Start a new scan.
- In Select Locations, click the arrow next to the Target name to expand
and view available locations for that Target.
- Select the Target location(s) to scan.
If there are active search filter(s), selecting the Select All Groups checkbox or a Target group checkbox (e.g. “All data in group WINDOWS”) may include locations that are currently not displayed under the search results. Review your selection to ensure that only the intended locations are added and scanned. - Click Next to continue configuring your new scan.
BETA This is a Beta feature. Ground Labs does not give any warranties, whether express or implied, as to the suitability or usability of its Beta features. If you have any feedback on bugs or usability of the Beta feature, please email your feedback to product@groundlabs.com. Your assistance on this is highly appreciated.