Enterprise Recon 2.12.0
Examples
This section provides examples of SQL statements that can be used to query Enterprise Recon data via the ODBC Reporting feature.
Examples:
- Retrieve Current State of Sensitive Data Matches
- Download Scan Summary Reports by Scan Schedule Label
- Download Captured Match Samples Across Scans for Specific Target
- Metadata Information for Sensitive Data Locations
- Sensitive Data Locations by File Format
Retrieve Current State of Sensitive Data Matches
Retrieve the current count of sensitive data matches by data type, Target Location, Target and Group.
Required data tables:
Sample SQL statement:
SELECT F.LABEL as `GROUP`, B.LABEL AS `TARGET`, E.LOCATION as `LOCATION`, C.LABEL as `MATCHSEVERITY`, D.LABEL as `DATATYPE`, A.QUANTITY as `MATCHCOUNT`
FROM DATA_LOCATION_MATCH A, DATA_TARGET B, DATA_MATCH_SEVERITY C, DATA_MATCH_TYPES D, DATA_LOCATION E, DATA_GROUP F
WHERE F.GUID = B.GUID AND A.TUID = B.TUID and A.CUID = D.CUID and A.SEVID = C.SEVID and A.LOCID = E.LOCID and A.TUID = E.TUID
Sample data:
GROUP | TARGET | LOCATION | MATCHSEVERITY | DATATYPE | MATCHCOUNT |
---|---|---|---|---|---|
CLOUD | AWSS3:AMAZON_S3_USERA | Amazon S3 Bucket bucket1 Folder Folder1/My-File.pdf->(pdf) | Match | Personal Names (English) | 10 |
CLOUD | AWSS3:AMAZON_S3_USERA | Amazon S3 Bucket bucket1 Folder Folder1/My-File.pdf->(pdf) | Test | Test Data | 2 |
SERVER | UBUNTU-SERVER | MariaDB Server employee-db:3308 Catalog employee-info | Match | SWIFT Code | 3 |
SERVER | UBUNTU-SERVER | MariaDB Server employee-db:3308 Catalog employee-info | Match | Email addresses | 27 |
CLIENT | WINDOWS-MACHINE | File path D:\Sample-Data\Data.txt | Prohibited | Track 2 | 2 |
CLIENT | WINDOWS-MACHINE | File path D:\Sample-Data\Data.txt | Prohibited | Visa | 1 |
Download Scan Summary Reports by Scan Schedule Label
Download the summary reports for a specific Target according to the scan schedule label. Information available in this scan summary report includes the number of matches per data type enabled for the scan, the number of scanned locations, scan root path, and more.
Required data tables:
Sample SQL statement:
SELECT A.LABEL as `TARGET`, B.REPORTID as `REPORTID`, C.LABEL as `DATATYPE`, B.LABEL as `SCANLABEL`, B.ROOT as `ROOT`, B.START as `START`, B.END as `END`, B.FAILED as `FAILED`, B.STOPPED as `STOPPED`, B.LOCATIONS as `LOCATIONS`, B.BYTES as `BYTES`, B.INACCESSIBLE as `INACCESSIBLE`, B.MATCHES as `MATCHCOUNT`, B.SAMPLES as `SAMPLECOUNT`
FROM DATA_TARGET A, SCANREPORT_SUMMARY B, DATA_MATCH_TYPES C
WHERE B.LABEL LIKE '%16JUL%' AND B.TUID = 8283249956251157105 AND A.TUID = B.TUID AND B.CUID = C.CUID
Sample data:
TARGET | REPORTID | DATATYPE | SCANLABEL | ROOT | START | END | FAILED | STOPPED | LOCATIONS | BYTES | INACCESSIBLE | MATCHCOUNT | SAMPLECOUNT |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
WINDOWS-MACHINE | 1594381354 | Personal Names (English) | WINDOWS-MACHINE File path D:\a-PDPA JUL10-1942 | File path D:\a-PDPA | 10/7/2020 7:42:55 PM | 10/7/2020 7:42:56 PM | 0 | 0 | 17 | 1498179 | 1 | 2 | 2 |
WINDOWS-MACHINE | 1594381354 | Passport Number | WINDOWS-MACHINE File path D:\a-PDPA JUL10-1942 | File path D:\a-PDPA | 10/7/2020 7:42:55 PM | 10/7/2020 7:42:56 PM | 0 | 0 | 17 | 1498179 | 1 | 0 | 0 |
WINDOWS-MACHINE | 1594382215 | Login credentials | WINDOWS-MACHINE File path D:\My-Data\All JUL10-1956 | File path D:\My-Data\All | 10/7/2020 7:57:16 PM | 10/7/2020 7:57:18 PM | 0 | 0 | 54 | 14033628 | 1 | 198 | 198 |
WINDOWS-MACHINE | 1594382215 | American Express | WINDOWS-MACHINE File path D:\My-Data\All JUL10-1956 | File path D:\My-Data\All | 10/7/2020 7:57:16 PM | 10/7/2020 7:57:18 PM | 0 | 0 | 54 | 14033628 | 1 | 22 | 22 |
WINDOWS-MACHINE | 1594382215 | Visa | WINDOWS-MACHINE File path D:\My-Data\All JUL10-1956 | File path D:\My-Data\All | 10/7/2020 7:57:16 PM | 10/7/2020 7:57:18 PM | 0 | 0 | 54 | 14033628 | 1 | 14 | 14 |
Download Captured Match Samples Across Scans for Specific Target
Download the first 1000 match samples captured across all scans for a specific Target. Match samples are available by data type per location, per scan.
Required data tables:
Sample SQL statement:
SELECT DATA_GROUP.LABEL as `GROUP`, DATA_TARGET.LABEL as `TARGET`, SCANREPORT_SAMPLE.REPORTID as `SCAN_REPORTID`, SCANREPORT_SAMPLE.START as `SCAN_START`, SCANREPORT_SAMPLE.END as `SCAN_END`, SCANREPORT_SAMPLE.LOCATION as `LOCATION`, DATA_MATCH_TYPES.LABEL as `DATA_TYPE`, SCANREPORT_SAMPLE.SAMPLE as `MATCH_SAMPLE`
FROM DATA_GROUP, DATA_TARGET, DATA_MATCH_TYPES, SCANREPORT_SAMPLE
WHERE SCANREPORT_SAMPLE.TUID = 8283249956251157105 AND
SCANREPORT_SAMPLE.LOCATION LIKE ‘MariaDB Server%’ AND
DATA_GROUP.GUID = DATA_TARGET.GUID AND
DATA_TARGET.TUID = SCANREPORT_SAMPLE.TUID AND
DATA_MATCH_TYPES.CUID = SCANREPORT_SAMPLE.CUID
LIMIT 1000
Sample data:
GROUP | TARGET | SCAN_REPORTID | SCAN_START | SCAN_END | LOCATION | DATA_TYPE | MATCH_SAMPLE |
---|---|---|---|---|---|---|---|
CLIENT | WINDOWS-MACHINE | 1595219201 | 20/7/2020 12:25:32 PM | 20/7/2020 12:25:33 PM | MariaDB Server GL-CPU-10:3308 Catalog employee-db Table employee-info | American Express | 374394#####5102 |
CLIENT | WINDOWS-MACHINE | 1595219201 | 20/7/2020 12:25:32 PM | 20/7/2020 12:25:33 PM | MariaDB Server GL-CPU-10:3308 Catalog employee-db Table employee-info | International Bank Account Number (IBAN) | ABCD EFGH 1234 5678 IJKL MNOP 901 |
CLIENT | WINDOWS-MACHINE | 1595219201 | 20/7/2020 12:25:32 PM | 20/7/2020 12:25:33 PM | MariaDB Server GL-CPU-10:3308 Catalog employee-db Table employee-info | Email addresses | userA@example.com |
CLIENT | WINDOWS-MACHINE | 1595219201 | 20/7/2020 12:25:32 PM | 20/7/2020 12:25:33 PM | MariaDB Server GL-CPU-10:3308 Catalog employee-db Table employee-info | United States Social Security Number (robust) | 123-45-6789 |
CLIENT | WINDOWS-MACHINE | 1595219201 | 20/7/2020 12:25:32 PM | 20/7/2020 12:25:33 PM | MariaDB Server GL-CPU-10:3308 Catalog employee-db Table employee-info | Personal Names (English) | Sherlock Holmes |
Metadata Information for Sensitive Data Locations
Get an overview of metadata types for sensitive data locations for a specific Target.
Required data tables:
Sample SQL statement:
SELECT LM.TUID as `TARGETUID`, T.LABEL as `TARGET`, LM.LOCID as `LOCATIONID`, LOC.LOCATION as `LOCATION`, LM.METAID as `METAID`, M.LABEL as `METALABEL`
FROM DATA_LOCATION_META LM
INNER JOIN DATA_META M ON LM.METAID = M.METAID
INNER JOIN DATA_LOCATION LOC ON LOC.TUID = LM.TUID
INNER JOIN DATA_TARGET T ON T.TUID = LM.TUID
WHERE LM.TUID = 8283249956251157105
Sample data:
TARGETUID | TARGET | LOCATIONID | LOCATION | METAID | METALABEL |
---|---|---|---|---|---|
8283249956251157105 | WINDOWS-MACHINE | 54600 | MariaDB Server :3308 Catalog employee-db Table employee-info | 38 | Permission Full |
8283249956251157105 | WINDOWS-MACHINE | 54600 | MariaDB Server :3308 Catalog employee-db Table employee-info | 39 | Permission Modify |
8283249956251157105 | WINDOWS-MACHINE | 54600 | MariaDB Server :3308 Catalog employee-db Table employee-info | 40 | Permission Execute |
8283249956251157105 | WINDOWS-MACHINE | 54601 | MariaDB Server :3308 Catalog employee-db Table employee-info | 19 | File Owner |
8283249956251157105 | WINDOWS-MACHINE | 54602 | MariaDB Server :3308 Catalog employee-db Table employee-info | 10 | Document Created |
Sensitive Data Locations by File Format
Get an overview of the common file formats or content types where sensitive data was found for a specific Target.
Required data tables:
Sample SQL statement:
SELECT LC.TUID as `TARGETUID`, T.LABEL as `TARGET`, LC.LOCID as `LOCATIONID`, LOC.LOCATION as `LOCATION`, LC.CTID as `CONTENTID`, C.LABEL as `CONTENTTYPE`
FROM DATA_LOCATION_CONTENT_TYPE LC
INNER JOIN DATA_CONTENT_TYPES C ON LC.CTID = C.CTID
INNER JOIN DATA_LOCATION LOC ON LOC.TUID = LC.TUID
INNER JOIN DATA_TARGET T ON T.TUID = LC.TUID
WHERE LC.TUID = 8283249956251157105
Sample data:
TARGETUID | TARGET | LOCATIONID | LOCATION | CONTENTID | CONTENTTYPE |
---|---|---|---|---|---|
8283249956251157105 | WINDOWS-MACHINE | 54599 | MariaDB Server :3308 Catalog employee-db Table employee-info | 66 | ZIP Archive |
8283249956251157105 | WINDOWS-MACHINE | 54600 | MariaDB Server :3308 Catalog employee-db Table employee-info | 1 | 7zip Archive |
8283249956251157105 | WINDOWS-MACHINE | 54600 | MariaDB Server :3308 Catalog employee-db Table employee-info | 21 | HTML/XML Document |
8283249956251157105 | WINDOWS-MACHINE | 54601 | MariaDB Server :3308 Catalog employee-db Table employee-info | 44 | Adobe Portable Document |
8283249956251157105 | WINDOWS-MACHINE | 54602 | MariaDB Server :3308 Catalog employee-db Table employee-info | 66 | ZIP Archive |