Scans

You must configure the scan for the data discovery. Select the data store that contains the sensitive data for data discovery and the profile/s used to classify the sensitive information found. You can also set the scheduling for the scan execution.

For users who are not clear about enabling remediation, you can create a scan without remediation. You can then view the report and, if you feel the need for remediation, modify the scan to enable and configure remediation. The remediation will be triggered

Adding Scans

1. In CipherTrust Data Discovery and Classification, click Scans.

2. Click Add Scan.

3. Type in the name and description and click Next.

4. Select all of the data stores with sensitive information on them to scan.

   When you create reports, you select which scans to include in the report. Therefore, only choose the Data Stores that you want included in the same report.

   Note

   Note that scans can be added to multiple, independent, reports.

   

5. Type the path for the Data Discovery target in the Add Target field, and click Apply to assign the target to the Data Store.

   

   Once you add the target, if you click on the down arrow, the target path and a toggle switch display: Enable Remediation.

   This Enable Remediation feature only activates if the:
   • Data store type is a local file system
   • Client has both a DDC and CTE agent installed
   • DDC Data Store IP Address/Hostname matches CTE name

   Note

   
   • DDC scan path matches the active GuardPoint path

6. Select Enable Remediation

7. Select the Classification Profile to apply to the scan and click Next.

   The Classification profile must match the Classification Profile used in

   Note

   your CTE policy and Resource Set.

   

8. For the frequency, select Manual or schedule the scan for a later date.

9. Click Run Now to execute the scan immediately after saving and closing the wizard.

   

10. Click Save to close the wizard. The scan starts the discovery process automatically. When the scan is finished, the status changes to Completed.

    

    Once the scan is finished, you can generate a report to see all of the information discovered and classified by the tool.

    Alternatively, to run the scan after the initial configuration, click the arrow key next to the scan name.

    

Scaning for Remediation

The DDC scan classify files and send notification to CTE to perform remediation on sensitive files. CTE perform the required remediation on all classified files according to policy. The result of classification and remediation can be visualized on DDC report. Another DDC scan is required to be executed to fetch remediation information from TDP.

Following is the process for scanning and remediating files:

1. CipherTrust Data Discovery and Classification runs the initial scan and scans all of the files.

2. CipherTrust Data Discovery and Classification sends a message to CipherTrust Transparent Encryption as to which files require remediation.

3. CipherTrust Transparent Encryption remediates the data.

   The duration of the scan depends on how many files are being remediated and the

   Note

   size of the files.

4. In order to see the effects of remediation in the reports, CipherTrust Data Discovery and Classification must perform a second scan. This scan is performed on the remediated files.

5. After this second scan completes, it reads information from TDP about the status of each file that needed remediation. That information is captured in the scan results which are then stored in TDP.

6. When a new report is generated and the DDC admin specifies the second scan, the report will then contain detailed information about the remediated files.