Hello and welcome to this document on how to use McAfee DLP Discover to locate sensitive data on a Box account.
We'll review how to set up a Box Repository, Run a scan, and review the results that the scan provides.
Okay, let’s get started.
Configure the DLP Discover Servers
Click on Menu > DLP Discover.
In the Discover Servers tab, click on Actions > Detect Servers and make sure that your servers displayed.
Go to the Definitions tab and click on Box under Repositories.
Use Actions > New to create a new box repository. I’m going to name it Box Repository.
To obtain the Client ID and Client Secret, click on the link listed and log into your Box account.
Create a box Application with the link on the right.
Give the application a name and click on Create Application
In the redirect_url: enter your epo’s ip address. Also, select the Manage enterprise checkbox. Now scroll all the way down to the bottom and click Save Application.
Scroll back to your Client ID and copy it from the Box Application Page to the Client ID on the DLP Repository page.
Now, copy the Client Secret from the Box Application page to the Client Secret on the DLP Repository page.
Next, click on Get Token button and grant access to the Discover Server. Finally, go ahead and click Save.
Great, now that our Box repository is set up, you can use it to perform a Scan Operation.
Click on the Scan Operations tab.
Go to Actions > New Scan > Box
Give the Scan a name. I’m going to call mine Box Repository Scan.
For the Scan Type, I’m going to select Classification. This will just provide you with the classification of the files that the scan finds. Another option that is available is the Remediation option, which gives you the ability to move, copy, or other action on the file based on your rules. But as I said, I’m just going to select the Classification option.
For your Discovery Server, click on the three dots to the right and select your DLP Discover server.
For the Scheduler, select schedule with the three dots on the right. I’m want my scan to run as soon as I apply my policy so I’m just going to select the Run Immediately option.
I’m also going to check the File List option so that I can see a list of files that are found by the scan.
For the Repository tab on the bottom, I’m going to click on Actions > Select Repositories. This will give me the option to select the Box Repository that you had created earlier.
With your repository selected, now go to the Classifications tab.
Select Actions > Select Classifications and you can choose which classifications you want to identify with your scan, such as Social Security numbers, Credit Card numbers, or other sensitive data that you have classifications for. You can create these classifications by going to Menu > Classifications, but I'm just going to use some classifications that I have previously created.
I’m going to select several classifications and click OK. Then I’m going click Save at the bottom.
Even though we've created a new Scan, it hasn't been applied yet. I can see that I still need to apply the policy with the Yes next to Pending Changes.
To initiate the scan, I’m going to click on Apply policy at the bottom right. After the policy is applied, the Pending Changes: is now No
It may take a few minutes for the policy to be applied on the server and for the scan to complete. You can initiate the process by performing an Agent Wake up on your Discover Server in the System Tree.
After the Scan is started and the server has synced with the ePO server, you can see the status of the scan in the Scan Operations tab. When the scan is complete, you can now review the results of the scan.
Reviewing the Results of the Scan
The Data Analytics tab allows you to analyze files from scans. The tab uses an OLAP data model to display up to three categories to expose multidimensional data patterns. You can use these patterns to optimize your classification scans. With my data, I can see that the scan found a "Top Secret" document, a document that "Contains Social Security Numbers", and a document that is "Sensitive". These were the classifications that I had configured previously.
Since we had enable File List in the scan options, the Data Inventory tab displays the inventory of files found from the scan. You can define and use filters to adjust the information displayed, which might reveal patterns or potential policy violations. Select the Scan that you want to display.
So there we have it. McAfee DLP Discover is a powerful tool to identify your sensitive data posture. We have just went through scanning a Box repository in this demo, but you can also scan CIFS and SharePoint repositories as well, providing you deep visibility into your data.