Enterprise Recon 2.12.0

Start a Scan

This section covers the following topics:

Overview

This section assumes that you have set up and configured Targets to scan. See Scan Locations (Targets) Overview.

Start a scan from the following places in the Web Console:

How To Start A Scan

  1. Log in to the ER2 Web Console.
  2. Navigate to the Select Locations page by clicking on:
    • Scans > New Scan, or
    • the New Scan button in the Dashboard, Targets, or Scans > Schedule Manager page.
      New Scan button to start a scan from the Dashboard, Targets or Schedule Manager page.
  3. On the Select Locations page, select Targets to scan from the list of Targets and click Next.

    In the Select Locations page, you can:

  4. On the Select Data Types page, select the Data Type Profiles to be included in your scan and click Next.
  5. On the Set Schedule page, configure the parameters for your scan and click Next. See Set Schedule for more information.
  6. On the Confirm Details page, review the details of the scan schedule, and click Start Scan to start the scan. Otherwise, click Back to modify the scan schedule settings.

Your scan configuration is saved and you are directed to the Targets page. The Target(s) you have started scans for should display Searched x.x% in the Searched column to indicate that the scan is in progress.

Set Schedule

The Set Schedule page allows you to configure the following optional parameters for your scan:

Enterprise Recon 2.4 Set Schedule page to configure scan parameters.

Schedule Label

Enter a label for your scan. ER2 automatically generates a default label for the scan. The label must be unique, and will be displayed in the Schedule Manager. See View and Manage Scans.

Example of scan Schedule Label set to "SharePoint-Server Dec21-1200"

Scan Frequency

Decide whether to Scan Now, or to Schedule a future scan.

To schedule a scan:

  1. Select Schedule.
  2. Select the start date and time for the scan.
  3. (Optional) Set the scan to repeat by selecting an option under How Often?.

Example of Scan Frequency set to run just once on given date at 12:00 pm in the Default timezone.

When scheduling a future scan, you can set a Time Zone. The Time Zone should be set to the Target host's local time. Setting the Time Zone here will affect the time zone settings for this scheduled scan only.

Selecting the "Default" Time Zone will set the scan schedule to use the Master Server local time.

Daylight Savings Time

When setting up a scan schedule, Time Zone settings take into account Daylight Savings Time (DST).

  1. On the start day of DST, scan schedules that fall within the skipped hour are moved to run one hour later.

  2. On the end day of DST, scan schedules that fall within the repeated hour will run only during one occurrence of the repeated hour.

Set Notifications

To set notifications for the scan:

  1. Select Notify.
    Set notifications for the scan schedule in Enterprise Recon 2.12.0.
  2. Click + Add Notification.
  3. In the New Notification dialog box:
    • Select Users to send alerts and emails to specific users.
      Send alert or email notifications to specific users when selected events are triggered for a scan schedule.
    • Select Email Address to send email notifications to specific email addresses.
      Send notifications to specific email address when selected events are triggered for a scan schedule.
  4. Under Notification Options, select Alert or Email for the event to send notifications for when the event is triggered. Only the Email options are available if Email Addresses is selected in Step 3.
  5. Click Save.

See Notification Policy for more information.

Advanced Options

Configure the following scan schedule parameters in Advanced Options:

Automatic Pause Scan Window

Set scan to pause during the scheduled periods:

  • Pause From: Enter the start time (12:00 am - 11:59 pm)
  • To: Enter the end time (12:00 am - 11:59 pm)
  • Pause on which days?: Select the day(s) on which the scan is paused. If no days are selected, the Automatic Pause Scan Window will pause the scheduled scan every day between the times entered in the Pause From and To fields.
Set a scan pause schedule for every Wednesday and Friday from 8:00 am to 12:00 pm:

If a Time Zone is set, it will apply to the Automatic Pause Scan Window. If no Time Zone is set, the Time Zone menu will appear under How Often?, allowing the user to set the time zone for the scan. See Scan Frequency above for more information.

Limit CPU Priority

Sets the CPU priority for the Node Agent used.

If a Proxy Agent is used, CPU priority will be set for the Proxy Agent on the Proxy Agent host.

The default is Low Priority to keep ER2's resource footprint low.

Limit Search Throughput

Sets the rate at which ER2 scans the Target:

  • Limit Data Throughput Rate: Select to set the maximum disk I/O rate at which the scanning engine will read data from the Target host. No limit is set by default.
  • Set memory usage limit: Select to set the maximum amount of memory the scanning engine can use on the Target host. The default memory usage limit is 1024 MB.

Configure the data and memory usage limit for a scan schedule.

Enable Scan Trace Logs

Select Enable Scan Trace to capture detailed scan trace messages when scanning a Target. See Scan Trace Logs for more information.

Capture Context Data

Select to include contextual data when displaying matches in the Match Inspector. See Remediation.

Match Detail

For each scan schedule, ER2 balances the amount of information stored for each match location in terms of match details, contextual data and metadata.

While the default Match Detail setting is workable in most scenarios, sometimes there may not be sufficient match information captured for ER2 to safely perform "Masking" remediation on all matches within a given file. In such scenarios, ER2 will not proceed with the "Masking" remediation process.

From ER 2.0.30, you have control over the quantity of match information captured for each scan with the Match Detail setting to suit your scanning and remediation needs.

Setting Description
View less match detail per file across a larger quantity of files
  • This results in a more even spread of match data across a large quantity of files.
  • This setting captures less contextual data and metadata for each match location, which leads to less match information viewable in the Match Inspector window.
  • This setting is recommended for first-time scans of a system where a sample-based view of match and context details within every possible location found is required for initial investigation before deciding on the appropriate remediation strategy.
Balances quantity of files and match detail in each file
  • This is the default setting in ER2. This results in more match detail initially captured per file, but rapidly drops off if matches are detected in a large quantity of files.
  • This setting is best catered to typical scenarios where up to 10,000 matches per location are expected.
View the maximal detail per file across a smaller number of files
  • This captures maximal detail per file, but will rapidly reach the resource limit for ER2, resulting in very little match detail in subsequent files if more than a few files with a very high match count are present.
  • If the resource limit is hit before all the locations are scanned, the scan schedule will terminate with the "Scan stopped" status.
  • This setting is most appropriate when millions of matches are expected in a small number of locations.
  • With the View the maximal detail per file across a smaller number of files option, you can maximize the match information stored for each file to successfully perform "Masking" remediation on match locations.

Partial Salesforce Object Scanning

The Partial Salesforce object scanning parameter lets you specify the maximum number of records per Salesforce object to be scanned for each scan schedule.

See Salesforce - Partial Salesforce Object Scanning for more information.

Enable Bulk Download for Cloud Target Scans BETA

The Enable bulk download for cloud target scans (BETA) parameter allows bulk download of files for supported cloud Targets.

Cloud Targets that support this feature are:

  • Box Inc

You can quickly filter, search, and select Targets and Target groups to include in your scans.

In the Select Locations page, when starting a new or modifying a scheduled scan, use the following functionalities:

Select Target or Target Group as scan locations in Enterprise Recon 2.12.0.

Functionality Description
(A) Search filter criteria

From the dropdown, select Targets, Groups, or All (default value) to specify whether to search for Targets, Target groups, or both.

To update results, click Search.

(B) Name/keyword search bar In the search bar, enter keyword(s) for your search. X button.
  • Click Search to return partial and full match(es) of the entered keyword according to the selected search filter criteria. When you change your keyword, click Search to update the results.
  • Click X to clear the search bar.
(C) Target type filter From the Filter Target Type dropdown, select the Target type(s) to include in the results.
  • Click Apply to immediately update the results based on your updated Target type selection.
  • Click Clear to remove all selections.
(D) Reset button

Click Reset to remove all search keywords and filters.

Resetting clears the search bar, clears the selection for the Target type filter, and reverts the search filter criteria dropdown to the default "All" value.

Probe Targets

You can probe Targets to browse and select specific Target locations to scan when adding a new Target.

Requirements

Make sure that:

  • The Master Server is running ER 2.0.21 or above. See Update ER2.
  • The version of the Node or Proxy Agent assigned to the Target is 2.0.21 or above. For details on how to install or update the Agent, see Agent Admin.
  • The Target host and the Node or Proxy Agent assigned to the Target are running and connected to the network.

To Probe Targets

  1. Start a new scan.
  2. In Select Locations, click the arrow next to the Target name to expand and view available locations for that Target.
    Probe Target to expand and view available locations in Enterprise Recon 2.12.0.
  3. Select the Target location(s) to scan.
    Select Target locations to scan in Enterprise Recon 2.12.0.
  4. Click Next to continue configuring your new scan.

BETA This is a Beta feature. Ground Labs does not give any warranties, whether express or implied, as to the suitability or usability of its Beta features. If you have any feedback on bugs or usability of the Beta feature, please email your feedback to product@groundlabs.com. Your assistance on this is highly appreciated.