Sharepoint Server
Prerequisites
Component | Description |
---|---|
Proxy agent | Windows agent |
TCP allowed connections | All TCP ports used by the SharePoint web applications. |
Version | SharePoint Server 2013 and higher. |
SharePoint Server resources
SharePoint Server is a web-based collaborative platform that integrates natively with Microsoft Office and is provided to organizations seeking greater control over SharePoint's behavior or design. A SharePoint Server host consists of web applications, site collections, sites, files, and folders, as shown below. When a SharePoint Server is added as a scan target, DDC returns all root-level site collections for the SharePoint Server.
Example structure of SharePoint Server Host:
SharePoint Server Host (host name: SharePointX)
  +- SharePoint Server
    +- Web Application 1 (https://sharepoint.example.com)
      +- Site Collection 1 (https://sharepoint.example.com/)
      +- Site Collection 2 (https://sharepoint.example.com/operations)
      +- Site Collection 3 (https://sharepoint.example.com/marketing)
    +- Web Application 2 (https://sharepoint.example.com:100)
      +- Site Collection 1 (https://sharepoint.example.com:100/)
      +- Site Collection 2 (https://sharepoint.example.com:100/engineering)
Example structure of a web application:
Web Application 1 (https://sharepoint.example.com)
  +- Site Collection 1 (https://sharepoint.example.com/)
  +- Site Collection 2 (https://sharepoint.example.com/operations)
    +- Sub-site 1 (https://sharepoint.example.com/operations/sub-site.aspx)
    +- Folder 1 (https://sharepoint.example.com/operations/myFolder)
      +- File 1 (https://sharepoint.example.com/operations/myFolder/myFile.txt)
    +- Lists (https://sharepoint.example.com/operations/Lists)
      +- List 1 (https://sharepoint.example.com/operations/Lists/myList)
        +- Item 1 (https://sharepoint.example.com/operations/Lists/myList/myFile.pptx)
Add Sharepoint Server data store
To add the Sharepoint Server data store:
Log on to the CipherTrust Manager GUI.
Open the Data Discovery and Classification application.
Click Data Stores > Data Stores > Add Data Store. The Add Data Store screen is displayed.
Complete the following steps:
Select Type & Category
Under Select Data Store Category, select Server.
From Select Server Type, select Sharepoint Server.
Click Next.
General Info
Specify the following details:
Data Store Name: Name for the data store.
Description (Optional): Description for the data store.
Location Name: Location of the data store.
Add Location: Click Add Location to add new locations to the Location Name drop-down. Refer to Adding Locations for detailed steps.
Sensitivity Level (Optional): Sensitivity level for the data store. Refer to Sensitivity Levels for details.
Enable Data Store: Whether to enable the newly added data store. Select the check box to enable the data store.
Click Next.
Configure Connection
Specify the credentials of the Sharepoint Server domain:
Field | Description |
---|---|
Hostname | Hostname of the Microsoft SQL Server where the SharePoint Server is hosted. |
User | A SQL user that is configured in SharePoint and has access to the sites that you want to scan. |
Password | Password used for the SQL user. |
API Passwords | If multiple credentials are required to access the different site collections or sites, click the Browse button and upload the text file containing granular access credentials for sites and site collections. |
Text file format: Each line in the file defines a credential set for a URL path, formatted as <url_path>|<username>|<password>.
Here, <url_path> is the URL path to a Site Collection or Site. If it is left blank, the credentials will be used to access all content in the SharePoint Server. <username> is the user name that has access to the URL path. <password> is the password for the corresponding user.
Note
DDC will default to the credentials provided in the User and Password fields for sites or site collections that are not specified in the text file.
Note
Use credentials that have the minimum required privileges to access all the web applications and site collections on the Sharepoint Server for successfully scanning all resources for a Sharepoint Server target. For example, to scan all the Sharepoint site collections in "Sharepoint X", use a credential set that has access to "Web Application 1" and "Web Application 2".
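A pre-upload check for the API Passwords text file described above, as an added example (not part of the CipherTrust documentation or product). The function name, sample accounts and passwords are constructed; because the page defines no escaping for `|`, the check assumes that a line with more than three fields is an error.

```python
from collections import namedtuple

Finding = namedtuple("Finding", "line_no severity message")

def lint_credential_file(text):
    """Lint '<url_path>|<username>|<password>' lines; passwords are never echoed."""
    findings = []
    first_seen = {}  # url_path -> line number where it first appeared

    for line_no, line in enumerate(text.splitlines(), start=1):
        def add(severity, message):
            findings.append(Finding(line_no, severity, message))

        if not line.strip():
            add("warn", "blank line defines no credential set")
            continue
        fields = line.split("|")
        if len(fields) != 3:
            # Assumption: the format defines no escaping for '|', so a password
            # containing '|' cannot be told apart from extra fields.
            add("error", f"expected 3 fields, found {len(fields)}")
            continue
        url_path, username, password = fields
        if any(f != f.strip() for f in fields):
            add("warn", "leading or trailing whitespace in a field")
        if not username.strip() or not password.strip():
            add("error", "username or password is empty")
        if not url_path.strip():
            # Per the page, a blank url_path applies to all SharePoint content.
            add("warn", "blank url_path: credentials apply to all content")
        key = url_path.strip()
        if key in first_seen:
            add("warn", f"url_path already defined on line {first_seen[key]}")
        else:
            first_seen[key] = line_no
    return findings

# Constructed sample file; accounts and passwords are made up.
SAMPLE = """\
https://sharepoint.example.com/operations|svc-ops|constructed-pw-1
|svc-all|constructed-pw-2
https://sharepoint.example.com/marketing|svc-mkt|pw|with|pipes
https://sharepoint.example.com/operations|svc-ops2|constructed-pw-3
https://sharepoint.example.com:100/engineering|svc-eng|
"""

if __name__ == "__main__":
    for f in lint_credential_file(SAMPLE):
        print(f"line {f.line_no}: {f.severity}: {f.message}")
```

The blank-path warning is the one to review against the minimum-privilege note: that credential set is used for all content in the SharePoint Server rather than for a single site or site collection.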
Tip
Windows Authentication for Microsoft SQL
For Windows authentication, enter Windows account credentials as follows:
User: Windows domain and username in the <domain_name\user_name> format.
Password: Windows password.
For more information on Windows or SQL Server authentication modes, see Choose An Authentication Mode.
In the Select Number of Agents field, set the minimum and maximum number of agents for the data store. Refer to Agents for more information.
Warning
- As there is no limit on the number of minimum and maximum agents that you can set, you should exercise caution so that you do not impact the system performance by using too many resources for a single scan.
- You will not be able to add a datastore if the minimum number of agents cannot be assigned.
- A scan will fail if the assigned agent is unavailable after adding the datastore.
- The minimum number of agents must be less than or equal to the maximum number of agents.
(Optional) In the Add Label field, enter a label. You can also remove an existing label.
Click Next.
Add Access Control & Tags
(Optional) Grant the All groups (default) access for reports. Alternatively, select a group.
Click Save.
The data store is added to the Data Stores page. If the Ready to Scan column shows Ready, then the data store is properly configured.
For more information on Access control and Tags, expand the section below.
Access Control & Tags
The Access Control & Tags tab on the Add Data Store screen allows you to grant access rights to your data store and add tags. More details below:
ACCESS CONTROL - Select user groups that can access the data store. Access to a data store provides the ability to see reports that include scans of that data store. The available options are:
All groups: All groups of users can access the data store through reports. This is the default setting.
Selected group/s: Specified user defined groups can access the data store through reports. When this option is selected, select a group from the drop-down list. This list shows existing user defined groups. The user defined groups must already exist on CipherTrust Manager. If no user defined groups exist, ask the administrator to create a group. If needed, you can select multiple groups. Start typing the name of the desired group and select from the suggested groups.
TAGS - Select a tag from the Add Tag drop-down. See the list of prebuilt tags in Predefined tags section.
Tip
New tags can also be added. Start typing a new tag, and click the New: <new_tag> link that appears below the drop-down.
Add as many tags as needed.
To remove a tag, click the close icon in the tag name.
Add Sharepoint Server scan
To add a scan for the Sharepoint Server:
Open the Data Discovery and Classification application.
Click Scans > Add Scan. The Add Scan screen is displayed.
Complete the following steps:
Refer to Scans for the description of sections of the Add Scan screen.
General Info
Specify a Name for the scan.
(Optional) Add a Description for the scan.
Expand Advanced Configuration and specify advanced configurations such as Scan Priority, Memory Usage Limit, and Amount of Data Object Volume. Refer to Advanced Configuration for details.
Click Next.
Select Data Stores
Under Data Store Name, select the desired data store that is Ready for scanning. You can select multiple data stores, if required.
Click Next.
Add Targets
To add a scan target, do one of the following:
Add target paths manually.
Under the Add Target field, specify the correct target path and click Apply. See SharePoint Server resources to understand the structure of targets.
If no specific target is added, the entire data store will be scanned.
The following table lists target paths and syntax to specify them with examples.
Target Path to scan | Syntax | Example |
---|---|---|
Complete data store | Empty path | |
Site collection | <organization>.sharepoint.com/<site_collection> | https://example.sharepoint.com/operations |
All lists in a site collection | <organization>.sharepoint.com/<site_collection>/<site> | https://example.sharepoint.com/operations/my-site |
Specific list in a site collection | <organization>.sharepoint.com/<site_collection>/:site/:list/<list> | https://example.sharepoint.com/operations/:site/:list/my-list |
All folders and files in a site collection. | <organization>.sharepoint.com/<site_collection>/:site/:file | https://example.sharepoint.com/operations/:site/:file |
Specific folder in a site collection. | <organization>.sharepoint.com/<site_collection>/:site/:file/<folder> | https://example.sharepoint.com/operations/:site/:file/documents |
Specific file in a site collection. | <organization>.sharepoint.com/<site_collection>/:site/:file/<file> | https://example.sharepoint.com/operations/:site/:file/example-file.txt |
Specific file within a folder in a site collection. | <organization>.sharepoint.com/<site_collection>/:site/:file/<folder>/<file> | https://example.sharepoint.com/operations/:site/:file/documents/example-file.txt |
Note
Target paths are case-sensitive.
A list item in a specific list cannot be individually added and scanned. You can only scan the entire list.
While scanning lists, attachments within SharePoint Server lists are not scanned, resulting in no sensitive data objects being detected. To scan the attachments within a list, use the following target path:
<organization>.sharepoint.com/sites/<site_collection>/:site/:file/Lists/list_name/attachments
Navigate and add target paths.
Click Browse to navigate target paths from the root level.
Alternatively, provide an initial path in the Add Target Path field and click Browse to navigate targets from that point onward.
In the left pane, navigate and select the desired target path.
Click Add Path to add the target path to the right pane. Similarly, add other target paths.
Click Add.
Tip
Either navigate the target paths from the root level (without specifying any path in the Add Target Path field) or make sure you provide the correct path to navigate further locations within it.
Click Next.
Select Profiles
Under Classification Profile Name, select the desired classification profiles to search for in the data store. You can select multiple data stores, if required. Refer to Classification Profiles for details on classification profiles.
Click Next.
Add Filters
This step is optional.
Select the desired filter from the Select Filter drop-down list.
To filter the locations to scan a Sharepoint Server data store, consider the following syntax.
Note
Exclude Path/DO by prefix, suffix, and expression filters support wildcard characters. See Using wildcard characters to learn how wildcards work.
Exclude Path/DO by prefix
Excludes paths or data objects that begin with a given string. It can be used to exclude entire directory trees. Specify <string>.
Filter Item | Syntax |
---|---|
Site collection | <organization>.sharepoint.com/<site_collection> |
Site | <organization>.sharepoint.com/<site_collection>/<site> |
List | <organization>.sharepoint.com/<site_collection>/:site/:list/<list> |
Files | <organization>.sharepoint.com/<site_collection>/:site/:file/<file> |
Folders | <organization>.sharepoint.com/<site_collection>/:site/:file/<folder> |
Exclude Path/DO by suffix
Excludes paths or data objects that end with a given string. Specify <string>.
Filter Item | Example |
---|---|
Site collection | <site_collection>/* |
Site | <site>/* |
List | <list>/* |
Files | <file>/* |
Folders | <folder>/* |
Exclude Path/DO by expression
This filter is mainly used with wildcard characters.
Excludes paths or data objects that match the given expression. Specify <string>.
For example, to exclude locations that contain 'blob' in their path, use expression *blob*.
Filter Item | Example |
---|---|
Site collection | *<site_collection>* |
Site | *<site>* |
List | *<list>* |
Files | *<file>* |
Folders | *<folder>* |
Include DO modified recently
Includes data objects modified within N number of days from the current date, where the value of N ranges from 1 to 99 days. After selecting this filter, specify Days from current date.
Exclude DO greater than size
Excludes data objects that are larger than a given file size (in MB). After selecting this filter, specify the file size in MB.
Include DO's within modification date
Includes data objects modified within a given range of dates. After selecting this filter, specify Start and End dates.
Click Apply.
Repeat the above steps to apply multiple filters. Click Remove to remove any applied filter.
Click Next.
Schedule Run
Specify the scan run frequency. The two options are:
Manual: This is the default option. Select this option to run the scan manually. Select the Run Now check box to start the scan run after you save the changes.
Scheduled: Select this option to configure the scan to run automatically at the specified time.
Refer to Schedule Scan for more details on scheduling scan runs.
Click Save.