G-Suite
How to Add a G-Suite Data Store? See Adding a G-Suite Data Store to CM.
How to Scan a G-Suite Data Store? See Scanning a G-Suite Data Store in CM.
How to Generate a New Key? See Generating a New Key for the Service Account.
How to Add G-Suite Scan Parameters? See Tunable Scan Parameters.
Adding a G-Suite Data Store to CM
Open the Data Stores page in CM.
Click the Add Data Store button.
In the Select Store Type section, select cloud-based data store, and then select the G-Drive or G-Mail data store from the Select Type drop-down.
In the Configure connection section, enter the Google Domain, Username, and Service Account ID, then browse to the key file on your system for that particular service account.
Note
The number of agents can also be configured under the agent selection.
In the General Info section, enter the name, description, branch location, and sensitivity level, then select the enable data store checkbox and move to the next step.
In the Add Tags & Access Control section, enter the right access group, apply tags if required, and then click the save button to enable your data store on CM.
If you get an error, check the credentials and key again and make sure they are valid.
Scanning a G-Suite Data Store in CM
Open the Scans page in CM.
Click the Add Scan button to start configuring a new scan.
In the General Info section, add a name for the scan and provide a description if needed. The Advance Configuration section is where you enter the details for tunable scans; see the Tunable Scan Parameters section below.
In the Select Data Store section check for the data store you have added for G-Mail or G-Drive.
In the Add Targets section, set the path that you want to scan or leave it blank; a blank path scans the full data store.
To scan a particular path or folder, use the syntax shown below in the target field while configuring the scan.
Path                     Syntax                     Example
User account             <user_name>                datastorecicduser
Folder in user account   <user_name/folder_name>    datastorecicduser/My Drive
For a G-Drive data store:
To scan a particular user:
To scan a particular folder inside the user:
Note
To scan a G-Drive data store, use the syntax "<username>/My Drive/" to avoid an invalid path error (this is because everything present inside G-Drive is stored under the My Drive folder).
For a G-Mail data store:
To scan a particular user:
To scan a particular folder inside the user:
Note
To scan the user mailbox at user_name@example.com, enter user_name. To scan the "Inbox" folder in the user mailbox user_name@example.com, enter user_name/inbox; to scan the "Sent Mail" folder, enter user_name/sent.
In the Select Profiles section check the box of profiles for which you want to search data.
In the Apply Filters section you can apply filters for excluding and including files based on their extension, file path, recent modification, file size, and modification date.
In the Schedule Scan section, you can schedule the scan for a later time or run it manually, which triggers the scan immediately.
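The target path rules above can be checked before a value is typed into the Add Targets field. The following Python is an added example, not part of CM or its documentation; the function name, the store-type labels "gdrive" and "gmail", and the sample inputs are assumptions made for illustration.

```python
# Added example: pre-check scan targets against the path rules on this page.
# Names are hypothetical; CM still performs its own validation.
GDRIVE_ROOT = "My Drive"  # per the page, all G-Drive content sits under My Drive
# Mailbox display names the page maps to target folder names.
GMAIL_FOLDERS = {"inbox": "inbox", "sent mail": "sent"}


def normalize_target(store_type, raw):
    """Return (target, notes) for a "gdrive" or "gmail" scan target.

    raw is what an operator might type, e.g. "user_name@example.com/Sent Mail".
    A blank target is valid: the page says it scans the full data store.
    """
    if store_type not in ("gdrive", "gmail"):
        raise ValueError(f"unknown store type: {store_type!r}")
    parts = [p.strip() for p in raw.strip().strip("/").split("/")]
    parts = [p for p in parts if p]
    if not parts:
        return "", ["blank target: the full data store will be scanned"]

    notes = []
    user, folders = parts[0], parts[1:]
    if "@" in user:
        # For user_name@example.com the page says to enter user_name.
        user = user.split("@", 1)[0]
        notes.append("dropped the domain; enter the user name only")
    if not user:
        raise ValueError("target has no user name")

    if store_type == "gdrive" and folders:
        if folders[0].casefold() == GDRIVE_ROOT.casefold():
            folders[0] = GDRIVE_ROOT
        else:
            # Without this prefix the page warns of an invalid path error.
            folders.insert(0, GDRIVE_ROOT)
            notes.append('inserted "My Drive" after the user name')
    if store_type == "gmail" and folders:
        mapped = GMAIL_FOLDERS.get(folders[0].casefold())
        if mapped and mapped != folders[0]:
            notes.append(f"{folders[0]!r} is entered as {mapped!r}")
            folders[0] = mapped
    return "/".join([user] + folders), notes


if __name__ == "__main__":
    for kind, raw in [("gdrive", "datastorecicduser/Reports"),  # constructed inputs
                      ("gmail", "user_name@example.com/Sent Mail")]:
        print(kind, repr(raw), "->", normalize_target(kind, raw))
```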
Generating a New Key for the Service Account
Log in to the cloud platform with your credentials and go to IAM & Admin.
Open the service account.
Check the project in which the required service account is available.
Open the Manage keys option.
Generate a new key; it is downloaded to your system automatically.
Tunable Scan Parameters
The Scans > Add Scan > Advanced Configurations section provides different parameters for a tunable scan. You can find details about these parameters in the Advance Configurations section.
These scan parameters help find the additional sensitive data objects missed during the normal scan.
Here are some report differences between a tunable scan report and a normal scan report for the same data store:
Normal Scan:
Tunable Scan:
The reports are almost the same, except for the image data, which is available in a tunable scan report with OCR enabled but absent from the normal scan report; this increased the sensitive data object count in the tunable scan report.