Server Data Stores
DDC supports these server type data stores:
Sharepoint Server - Sharepoint Server is a web based collaborative platform integrating natively with Microsoft Office that is provided to organizations seeking greater control over Sharepoint's behavior or design.
Exchange Server
Adding Server Data Store
Use the Add Data Store wizard to add a new Server data store. This involves the following steps:
1. Select Store Type
In the Select Store Type screen of the wizard select Server in the Select Data Store Category.
In the Select Server Type drop-down list select the server data store type:
Sharepoint Server (it is pre-selected).
Exchange Server
Click Next to go on to the Configure Connection screen.
2. Configure Connection
In the Configure Connection screen of the wizard, provide the following configuration details for your data store:
SHAREPOINT SERVER
Hostname - the Sharepoint Server hostname.
Port - the port on which the server is accessed. The default port is 80.
User - a SQL user that is configured in Sharepoint and has access to the sites that you want to scan.
Password - the password used for the SQL user.
API Passwords - if multiple credentials are required to access the different Site Collections or Sites, you can use the Browse File button to upload a text file containing granular access credentials. The contents of such a text file must follow these rules:
Each line of the text file defines a credential set for a URL path.
Each line must be formatted as <url_path>|<username>|<password> where
<url_path> is the URL path to a Site Collection or Site.
<username> is the user name that has access to the URL path.
<password> is the password for the corresponding user.
Note
To scan all resources for a Sharepoint Server target, use credentials that have the minimum privileges required to access all the web applications and site collections on the Sharepoint Server. For example, to scan all the Sharepoint site collections in "Sharepoint DBS", use a credential set that has access to "Web Application 1" and "Web Application 2".
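A pre-upload check for the API Passwords file format described above, as an added example that is not part of the product or its documentation. The function name, the sample paths and accounts, and the rules that reject stray whitespace, extra "|" characters and duplicate paths are assumptions; the page defines only the three-field line format.

```python
# Added example: lint an API Passwords file before uploading it to the wizard.
# Assumptions (not from the product docs): '|' cannot appear inside a field,
# stray whitespace is an error, and a url_path may appear only once.

FIELDS = ("url_path", "username", "password")

# Constructed sample input; paths, accounts and passwords are made up.
SAMPLE = """\
/sites/finance|svc-ddc-finance|constructed-pass-1
/sites/hr|svc-ddc-hr|constructed-pass-2
/sites/legal|svc-ddc-legal
/sites/finance/|svc-ddc-finance2|constructed-pass-3
/sites/ops| svc-ddc-ops|constructed-pass-4
/sites/it|svc-ddc-it|constructed|pass-5
"""


def lint_api_passwords(text):
    """Return (entries, problems); neither ever contains a password."""
    entries, problems, seen = [], [], {}
    for n, line in enumerate(text.splitlines(), start=1):
        fields = line.split("|")
        if len(fields) != 3:
            problems.append((n, f"expected 3 fields, found {len(fields)}"))
            continue
        bad = False
        for name, value in zip(FIELDS, fields):
            if value == "":
                problems.append((n, f"{name} is empty"))
                bad = True
            elif value != value.strip():
                problems.append((n, f"{name} has leading or trailing whitespace"))
                bad = True
        if bad:
            continue
        url_path, username, _password = fields
        key = url_path.rstrip("/").lower()  # treat /a and /A/ as the same path
        if key in seen:
            problems.append((n, f"url_path duplicates line {seen[key]}"))
            continue
        seen[key] = n
        entries.append((n, url_path, username))
    return entries, problems


if __name__ == "__main__":
    ok, bad = lint_api_passwords(SAMPLE)
    for n, url_path, username in ok:
        print(f"line {n}: {url_path} -> {username}")
    for n, msg in bad:
        print(f"line {n}: REJECTED, {msg}")
```

Because the file holds passwords in plain text, the check reports only line numbers, paths and user names, so its output can be pasted into a ticket without exposing a credential.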
EXCHANGE SERVER
Exchange Domain - the domain on which the mailboxes to scan reside. This is usually the domain component of the email address, or the Windows Domain.
Note
Using the domain IP instead of the domain name does not work.
User - your service account user name.
Tip
The account used to scan Microsoft Exchange mailboxes must:
Have a mailbox on the target Microsoft Exchange server.
Be a service account assigned the ApplicationImpersonation management role.
Password - your service account password.
The Agent Selection section allows you to specify the minimum and maximum number of proxy agents when adding a data store. Employing a group of agents instead of a single agent to run the scan should improve the scan execution time.
In the Select Number of Agents menu set the number of agents for the data store:
Minimum: Set the minimum number of agents to use to scan the data store. At least that number of proxy agents must be able to connect to the data store.
Maximum: Set the maximum number of agents to use to scan the data store.
Warning
As there is no limit on the number of minimum and maximum agents that you can set, you should exercise caution so that you do not impact the system performance by using too many resources for a single scan.
You will not be able to add a data store if the minimum number of agents cannot be assigned.
A scan will fail if the assigned agent is unavailable after adding the data store.
The minimum number of agents must be less than or equal to the maximum number of agents.
In the Add Label: field, edit the agent labels by entering a label or removing an existing label. Agent labels represent the agent capabilities.
Click Next to go to the General Info screen.
3. General Info
Specify the following details:
Name: Name for the data store.
Description (Optional): Description for the data store.
Location: Location of the data store. Refer to Managing Branch Locations for details.
Sensitivity Level (Optional): Sensitivity level for the data store. Refer to Sensitivity Levels for details.
Enable Data Store: Whether to enable the newly added data store. Select the check box to enable the data store.
Click Next.
4. Add Tags & Access Control
(Optional) Grant the All groups (default) access for reports. Alternatively, select a group.
Click Save.
The data store is added to the Data stores page. If the Ready to Scan column shows Ready, then the data store is properly configured.
For more information on tags and access control, expand the section below.
Tags and Access Control
The Add Tags & Access Control screen in the Add Data Store wizard allows you to grant access rights to your data store and add tags. More details below:
ACCESS - select user groups that can access the data store. Access to a data store provides ability to see reports that include scans of that data store. The available options are:
All groups: All groups of users can access the data store through reports. This is the default setting.
Selected group/s: Specified user defined groups can access the data store through reports. When this option is selected, select a group from the drop-down list. This list shows existing user defined groups. The user defined groups must already exist on CipherTrust Manager. If no user defined groups exist, ask the administrator to create a group. If needed, you can select multiple groups. Start typing the name of the desired group and select from the suggested groups.
TAGS - select a tag from the Add Tag drop-down list. Please check the list of prebuilt tags in Predefined Tags.
Tip
New tags can also be added. Start typing a new tag, and click the New: <new_tag> link that appears below the drop-down list.
Add as many tags as needed.
To remove a tag, click the close icon in the tag name.
In the General Info screen of the wizard, specify the name, description, branch location, and sensitivity level for your data store. See "Configuring a Data Store - General Information" for details.
In the Add Tags & Access Control screen of the wizard, grant access rights to your data store and add metadata. See "Configuring a Data Store – Tags and Access Control" for details.
Click Save to create the data store. At any time during the configuration you can click Back to go to any of the previous wizard screens to update the configuration. The newly created data store appears on the Data Stores page. By default, data stores are displayed in alphabetic order by name. Depending on the number of entries per page, you might need to navigate to other pages to view the newly created data store.
Recommended Least Privilege User Approach
To reduce the risk of data loss or privileged account abuse, the Target credentials provided for the intended Target should only be granted read-only access to the exact resources and data that require scanning. Never grant full user access privileges or unrestricted data access to any application if it is not required.