Your suggested change has been received. Thank you.

close
Thales Logo

All

  • All
  • CipherTrust Manager
  • CipherTrust Application Data Protection (CADP)
  • CipherTrust Application Key Management (CAKM)
  • CipherTrust Batch Data Transformation (BDT)
  • CipherTrust Cloud Key Management (CCKM)
  • CipherTrust Data Discovery and Classification (DDC)
  • CipherTrust Data Protection Gateway (DPG)
  • CipherTrust Database Protection (CDP)
  • CipherTrust Intelligent Protection (CIP)
  • CipherTrust Integrations
  • CipherTrust Migrations
  • CipherTrust RESTful Data Protection (CRDP)
  • CipherTrust Transparent Encryption (CTE)
  • CipherTrust Transparent Encryption Userspace (CTE-U)
  • CipherTrust Secrets Management (CSM)
  • CipherTrust Vaulted Tokenization (CT-V)
  • CipherTrust Vaultless Tokenization (CT-VL)
  • CTE-Linux
  • CTE-Windows
  • CTE-AIX
  • CTE-K8s
  • CTE-U
  • Crypto Command Center
  • Data Protection on Demand
  • Luna Cloud HSM
  • Luna Network HSM
  • Luna PCIe HSM
  • Luna USB HSM
  • OneWelcome Identity Platform
  • ProtectApp LUKS
  • ProtectServer 2 HSM
  • ProtectServer 3 HSM
  • SafeNet Trusted Access (STA)
  • SafeNet MobilePASS+
  • SafeNet MobilePASS+ for Android
  • SafeNet MobilePASS+ for Chrome
  • SafeNet MobilePASS+ for macOS
  • SafeNet MobilePASS+ for iOS
  • SafeNet MobilePASS+ for WatchOS
  • SafeNet MobilePASS+ for Windows
  • SafeNet Synchronization Agent
  • SafeNet Logging Agent
  • SafeNet Agent for FreeRADIUS
  • SafeNet Agent for NPS
  • SafeNet Agent for Windows Logon
  • SafeNet Authentication Service Private Cloud Edition (SAS PCE)
  • SafeNet Remote Logging Agent
  • SafeNet Keycloak Agent
  • SafeNet IDPrime Virtual (IDPV)
  • SafeNet FIDO Key Manager
  • SafeNet FIDO Key Manager for Android
  • SafeNet FIDO Key Manager for iOS
  • SafeNet FIDO Key Manager for Windows
back

Clouds

Azure Table

search

Please Note:

printsuggest an editpdf paneldownload

Azure Table

This section covers the following topics:

copy link to clipboardPrerequisites

ComponentDescription
Proxy Agent• Direct Internet Access
• Cloud service-specific access key
• Recommended Proxy Agents:
 • Windows Agent
 • Linux Agent
TCP Allowed ConnectionsPort 443

copy link to clipboardGet Azure Account Access Keys

You require Azure account access keys to add Azure Table data store in DDC for scanning.

To get Azure Account Access keys:

  1. Log on to your Azure account.

  2. Select All resources.

  3. Use the search explorer to search for storage account.

  4. Select the desired storage account.

  5. Select Access keys.

  6. Click Show to display the key values.

    Note down the key values for key1(Primary) and key2(Secondary).

Note

Only one access key can be active at a time. Ask your Azure Storage account administrator which access key is currently active, and use that key to connect DDC to your Azure Storage account.

copy link to clipboardAdd Azure Table Data Store

To configure the Azure Table data store:

  1. Log on to the CipherTrust Manager GUI.

  2. Open the Data Discovery & Classification application.

  3. Click Data Stores > Data Stores > Add Data Store. The Add Data Store wizard is displayed.

  4. Complete the following steps:

    1. Select Type & Category

    2. General Info

    3. Configure Connection

    4. Add Access Control & Tags

    Note

    It is recommended to use IAM access keys instead of AWS root credentials.

copy link to clipboardSelect Type & Category

  1. Under Select Data Store Category, select Cloud.

  2. From Select Cloud Type, select Azure Table.

  3. Click Next.

copy link to clipboardGeneral Info

  1. Specify the following details:

    • Data Store Name: Name for the data store.

    • Description (Optional): Description for the data store.

    • Location Name: Location of the data store.

    • Add Location: Click Add Location to add new locations to the Location Name dropdown list. Refer to Adding Locations for detailed steps.

    • Sensitivity Level (Optional): Sensitivity level for the data store. Refer to Sensitivity Levels for details.

    • Enable Data Store: Whether to enable the newly added data store. Select the check box to enable the data store.

  2. Click Next.

copy link to clipboardConfigure Connection

  1. Specify the credentials of the Azure Table:

    FieldDescription
    Account NameAzure account name.
    Authentication UserAzure storage account name.
    PasswordAzure storage account access keys (key1 or key2). See Get Azure Account Access keys.

  2. In the Select Number of Agents field, set the minimum and maximum number of agents for the data store. Refer to Agents for more information.

    Warning

    • As there is no limit on the number of minimum and maximum agents that you can set, you should exercise caution so that you do not impact the system performance by using too many resources for a single scan.
    • You will not be able to add a datastore if the minimum number of agents cannot be assigned.
    • A scan will fail if the assigned agent is unavailable after adding the datastore.
    • The minimum number of agents must be less than or equal to the maximum number of agents.

  3. (Optional) In the Add Label field, enter a label. You can also remove an existing label.

  4. Click Next.

copy link to clipboardAdd Access Control & Tags

  1. (Optional) Grant the All groups (default) access for reports. Alternatively, select a group.

  2. Click Save.

The data store is added to the Data stores page. If the Ready to Scan column shows Ready, then data store is properly configured.

For more information on Access control and Tags, expand the section below.

copy link to clipboardAccess Control & Tags

The Access Control & Tags screen in the Add Data Store wizard allows you to grant access rights to your data store and add tags. More details below:

  • ACCESS CONTROL - select user groups that can access the data store. Access to a data store provides ability to see reports that include scans of that data store. The available options are:

    • All groups: All groups of users can access the data store through reports. This is the default setting.

    • Selected group/s: Specified user defined groups can access the data store through reports. When this option is selected, select a group from the dropdown list. This list shows existing user defined groups. The user defined groups must already exist on CipherTrust Manager. If no user defined groups exist, ask the administrator to create a group. If needed, you can select multiple groups. Start typing the name of the desired group and select from the suggested groups.

  • TAGS - select a tag from the Add Tag dropdown list. Please check the list of prebuilt tags in Predefined Tags.

    Tip

    • New tags can also be added. Start typing a new tag, and click the New: <new_tag> link that appears below the drop-down list.

    • Add as many tags as needed.

    • To remove a tag, click the close icon in the tag name.

copy link to clipboardAdd Azure Table Scan

Azure table data store support multi-agent scans.

To add a scan for Azure Table:

  1. Open the Data Discovery & Classification application.

  2. Click Scans > Add Scan. The Add Scan wizard is displayed.

  3. Complete the following steps:

    1. General Info

    2. Select Data Stores

    3. Add Targets

    4. Select Profiles

    5. Apply Filters

    6. Schedule Run

    Refer to Scans for the description of screens of the Add Scan wizard.

copy link to clipboardGeneral Info

  1. Specify a Name for the scan.

  2. (optional) Add a Description for the scan.

  3. Expand Advanced Configuration and specify advanced configurations such Scan Priority, Memory Usage Limit, and Amount of Data Object Volume. Refer to Advanced Configuration for details.

  4. Click Next.

copy link to clipboardSelect Data Stores

  1. Under Data Store Name, select the desired data store that is Ready for scanning. You can select multiple data stores, if required.

  2. Click Next.

copy link to clipboardAdd Targets

  1. To add a scan target, do one of the following:

    • Under the Add Target field, specify the correct target path and click Apply.

      If no specific target is added, the entire data store will be scanned.

      The following table lists target paths and syntax to specify them with examples.

      Target Path to ScanSyntaxExample
      Full Data Store<empty_path>
      Specific table<tablename>testdata

      Note

      Target paths are case-sensitive, except for the bucket name. Failure to use the correct case will result in a successful scan, but the report will not contain any match count for data objects and sensitive data.

    • Navigate and add target paths.

      1. Click Browse to navigate target paths from the root level.

        Alternatively, provide an initial path in the Add Target Path field and click Browse to navigate targets from that point onward.

      2. In the left pane, navigate and select the desired target path.

      3. Click Add Path to add the target path to the right pane. Similarly, add other target paths.

      4. Click Add.

      Tip

      Either navigate the target paths from the root level (without specifying any path in the Add Target Path field) or make sure you provide the correct path to navigate further locations within it.

  2. Click Next.

copy link to clipboardSelect Profiles

  1. Under Classification Profile Name, select the desired classification profiles to search for in the data store. You can select multiple profiles, if required. Refer to Classification Profiles for details on classification profiles.

  2. Click Next.

copy link to clipboardApply Filters

This step is optional.

  1. Select the desired filter from the Select Filter drop-down list.

    To filter the locations to scan an Azure table data store, consider the following syntax.

    Note

    Exclude locations by prefix, suffix, and expression filters support wildcard characters. See Using Wildcard Characters to learn how wildcards work.

    • Exclude locations by prefix

      Excludes search locations and nested locations with paths that begin with a given string. Specify <string>. It can be used to exclude entire directory trees.

      Filter ItemSyntaxExample
      Table<TableName>ddcdata

    • Exclude locations by suffix

      Excludes search locations and nested locations with paths that end with a given string. Specify <string>.

      Filter ItemSyntaxExample
      Table<TableName>*ddcdata* — Applies all paths starting with 'ddcdata' as suffix.

    • Exclude locations by expression

      This filter is majorly used with wildcard characters.

      Excludes search locations and nested locations that matches the given expression. Specify <string>.

      For example, to exclude locations that contain 'blob' in their path, use expression *blob*.

      Filter ItemSyntaxExample
      Table<TableName>*ddcdata*

  2. Click Apply.

  3. Repeat the above steps to apply multiple filters. Click Remove to remove any applied filter.

  4. Click Next.

Note

Unsupported filters for Azure tables data store:

  • Include locations within modification date

  • Exclude locations greater than file size

  • Include locations modified recently

copy link to clipboardSchedule Run

  1. Specify the scan run frequency. The two options are:

    • Manual: This is the default option. Select this option to run the scan manually. Select the Run Now check box to start the scan run after you save the changes.

    • Scheduled: Select this option to configure the scan to run automatically at the specified time.

    Refer to Schedule Scan for more details on scheduling scan runs.

  2. Click Save.

On this page