How to use DLP Discover to Scan for Files Located on Box

Version 5

    Introduction

     

    Hello and welcome to this document on how to use McAfee DLP Discover to locate sensitive data on a Box account.

     

    We'll review how to set up a Box Repository, Run a scan, and review the results that the scan provides.

     

    Okay, let’s get started.

     

    Video

     

     

    Configure the DLP Discover Servers

     

    Click on Menu > DLP Discover.

     

    01.png

     

    In the Discover Servers tab, click on Actions > Detect Servers and make sure that your servers displayed.

     

    02.png

     

    Go to the Definitions tab and click on Box under Repositories.

     

    03.png

     

    Use Actions > New to create a new box repository. I’m going to name it Box Repository.

     

    04.png

     

    To obtain the Client ID and Client Secret, click on the link listed and log into your Box account.

     

    05.png

     

    Create a box Application with the link on the right.

     

    06.png

     

    Give the application a name and click on Create Application

     

    07.png

     

    In the redirect_url: enter your epo’s ip address. Also, select the Manage enterprise checkbox. Now scroll all the way down to the bottom and click Save Application.

     

    08.png

    09.png

     

    Scroll back to your Client ID and copy it from the Box Application Page to the Client ID on the DLP Repository page.

     

    10.png

     

    Now, copy the Client Secret from the Box Application page to the Client Secret on the DLP Repository page.

     

    11.png

     

    Next, click on Get Token button and grant access to the Discover Server. Finally, go ahead and click Save.

     

    12.png

    13.png

     

    Great, now that our Box repository is set up, you can use it to perform a Scan Operation.

    Click on the Scan Operations tab.

     

    14.png

     

    Go to Actions > New Scan > Box

     

    15.png

     

    Give the Scan a name. I’m going to call mine Box Repository Scan.

     

    16.png

     

    For the Scan Type, I’m going to select Classification. This will just provide you with the classification of the files that the scan finds. Another option that is available is the Remediation option, which gives you the ability to move, copy, or other action on the file based on your rules. But as I said, I’m just going to select the Classification option.

     

    17.png

     

    For your Discovery Server, click on the three dots to the right and select your DLP Discover server.

     

    18.png

     

    For the Scheduler, select schedule with the three dots on the right. I’m want my scan to run as soon as I apply my policy so I’m just going to select the Run Immediately option.

     

    19.png

     

    I’m also going to check the File List option so that I can see a list of files that are found by the scan.

     

    20.png

     

    For the Repository tab on the bottom, I’m going to click on Actions > Select Repositories. This will give me the option to select the Box Repository that you had created earlier.

     

    21.png

    22.png

     

    With your repository selected, now go to the Classifications tab.

     

    23.png

     

    Select Actions > Select Classifications and you can choose which classifications you want to identify with your scan, such as Social Security numbers, Credit Card numbers, or other sensitive data that you have classifications for. You can create these classifications by going to Menu > Classifications, but I'm just going to use some classifications that I have previously created.

     

    24.png

     

    I’m going to select several classifications and click OK. Then I’m going click Save at the bottom.

     

    25.png

     

    Even though we've created a new Scan, it hasn't been applied yet. I can see that I still need to apply the policy with the Yes next to Pending Changes.

     

    26.png

     

     

    To initiate the scan, I’m going to click on Apply policy at the bottom right. After the policy is applied, the Pending Changes: is now No

     

    27.png

     

    It may take a few minutes for the policy to be applied on the server and for the scan to complete. You can initiate the process by performing an Agent Wake up on your Discover Server in the System Tree.

     

    28.png

     

    After the Scan is started and the server has synced with the ePO server, you can see the status of the scan in the Scan Operations tab. When the scan is complete, you can now review the results of the scan.

     

    29.png

    Reviewing the Results of the Scan

     

    The Data Analytics tab allows you to analyze files from scans. The tab uses an OLAP data model to display up to three categories to expose multidimensional data patterns. You can use these patterns to optimize your classification scans. With my data, I can see that the scan found a "Top Secret" document, a document that "Contains Social Security Numbers", and a document that is "Sensitive". These were the classifications that I had configured previously.

     

    30.png

     

    Since we had enable File List in the scan options, the Data Inventory tab displays the inventory of files found from the scan. You can define and use filters to adjust the information displayed, which might reveal patterns or potential policy violations. Select the Scan that you want to display.

     

    31.png

     

    So there we have it. McAfee DLP Discover is a powerful tool to identify your sensitive data posture. We have just went through scanning a Box repository in this demo, but you can also scan CIFS and SharePoint repositories as well, providing you deep visibility into your data.