Trustwave DLP Discover Integration Guide For Microsoft ...discoverservice.vericept.com/Discover/TrustwaveDLP... · This book is the Trustwave DLP Discover Integration Guide for Microsoft

Trustwave DLP DiscoverIntegration Guide

For Microsoft SharePoint®

Trustwave DLP Discover Integration Guide for Microsoft SharePoint - March 7, 2017

Legal Notice

Copyright © 2017 Trustwave Holdings, Inc.

All rights reserved. This document is protected by copyright and any distribution, reproduction, copying, or decompilation is strictly prohibited without the prior written consent of Trustwave. No part of this document may be reproduced in any form or by any means without the prior written authorization of Trustwave. While every precaution has been taken in the preparation of this document, Trustwave assumes no responsibility for errors or omissions. This publication and features described herein are subject to change without notice.

While the authors have used their best efforts in preparing this book, they make no representation or warranties with respect to the accuracy or completeness of the contents of this manual and specifically disclaim any implied warranties of merchantability or fitness for a particular purpose. No warranty may be created or extended by sales representatives or written sales materials. The advice and strategies contained herein may not be suitable for your situation. You should consult with a professional where appropriate. Neither the author or Trustwave shall be liable for any loss of profit or any commercial damages, including but not limited to direct, indirect, special, incidental, consequential, or other damages.

The most current version of this document may be obtained by contacting:

Trustwave Technical Support:Phone: +1.800.363.1621Email: [email protected]

Trademarks

Trustwave and the Trustwave logo are trademarks of Trustwave. Such trademarks shall not be used, copied, or disseminated in any manner without the prior written permission of Trustwave.

Revision History

Version Date Changes

6.4 March 2017 • Initial release of guide

Legal NoticeCopyright © 2017 Trustwave Holdings, Inc. All rights reserved. ii


Chapter Descriptions

This book is the Trustwave DLP Discover Integration Guide for Microsoft SharePoint®. It contains all the information necessary for installation of DLP Discover to target a Microsoft SharePoint repository. This manual is broken into the following chapters.

Chapter 1: IntroductionThis chapter introduces Trustwave DLP Discover and how it works with repositories.

Chapter 2: SharePoint Scan TargetsDLP Discover can scan SharePoint repositories when it is targeted by a scan policy. This chapter explains how to con-figure a scan policy.

Related Documentation

DLP Discover’s documentation is available to all DLP Discover users through links on the Application tab of the Setting tab. An internet connection is required to view these documents. The following documentation is available:

• Trustwave DLP Discover 6.4 Getting Started Guide

• Trustwave DLP Discover 6.4 User Guide for Organizations

• Trustwave DLP Discover 6.4 User Guide for Stand-Alone Installations

• Trustwave DLP Discover 6.4 Release Notes

• Trustwave DLP Discover Integration Guide for Dropbox Business

• Trustwave DLP Discover Integration Guide for Google G Suite™

• Trustwave DLP Discover Integration Guide for Microsoft Exchange and Azure®

• Trustwave DLP Discover Integration Guide for Microsoft SharePoint®

Other important information can be obtained from Trustwave Support.

Chapter DescriptionsCopyright © 2017 Trustwave Holdings, Inc. All rights reserved. iii


Formatting Conventions

This manual uses the following formatting conventions to denote specific information.

Table 1: Formatting Conventions

Format and Symbols

Meaning

Blue Underline A blue underline indicates a Web site or e-mail address.

Bold Bold text denotes UI control and names such as commands, menu items, tab and field names, button and check box names, window and dialog box names, and areas of windows or dialog boxes.

Code Text in this format indicates computer code or information at a command line.Italics Italics denotes the name of a published work, the current document, name of another docu-

ment, text emphasis, or to introduce a new term.

[Square brackets] Square brackets indicate a placeholder for values and expressions.

Note: This symbol indicates information that applies to the task at hand.

Tip: This symbol denotes a suggestion for a better or more productive way to use the prod-uct.

Caution: This symbol highlights a warning against using the software in an unintended man-ner.

Formatting ConventionsCopyright © 2017 Trustwave Holdings, Inc. All rights reserved. iv


Table of ContentsCopyright © 2017 Trustwave Holdings, Inc. All rights reserved. v

Table of Contents

Legal Notice. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . ii

Revision History. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . ii

Chapter Descriptions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . iii

Formatting Conventions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . iv

Table of Contents . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . v

1 Introduction 6

1.1 Repository Scan Targets. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 61.2 Deployment Options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7

2 SharePoint Scan Targets 8


1 Introduction

Trustwave DLP Discover™ is a Microsoft Windows®-based application that investigates data at rest to find and protect sensitive information using the Trustwave suite of detection and classification methods. In DLP Discover, user define policies - called scan policies - to scan files and databases for this information. When a scan is complete, users remediate the results before generating reports on the scan and its outcome.

Scan policies define what type of sensitive data DLP Discover will search for. They also define where to search for the data: laptops or servers, databases, removable drives, and data repositories to name a few. DLP Discover supports scanning of document repositories in several on-site deployments including Dropbox for Business, Google Gmail™, and Microsoft SharePoint® servers. This guide describes how to target the following versions of Microsoft SharePoint repository in DLP Discover.

• Microsoft SharePoint Server 2010

• Microsoft SharePoint Server 2013 SP1

• Office 365 SharePoint

1.1 Repository Scan TargetsWhen a repository is targeted by a scan policy, that repository is called a scan target. DLP Discover uses .NET client-side object model (CSOM) to scan SharePoint's libraries, files, folders, lists, list items, and sites. When DLP Discover scans a repository, it makes a connection to a repository, looks for a specific portion of that repository, and scans specific files and folders within that portion based on the repository scan target’s configurations. Thus when repository scan target is created, it must specify where the scan will occur and what DLP Discover will scan.

DLP Discover connects to each repository using a reusable set of configurations called a connection. When scanning a repository target, DLP Discover elevates its permission so that it can scan sensitive files and folders. This access is only available during scans in order to protect the information. As such, some event details may not be available after the scan.

Also when scanning a repository target, DLP Discover does not count the number of items in the repository that it will scan or skip at the beginning of the scan. DLP Discover does not update the status bar on the Scan tab while scanning a repository. However, the Items Scanned and Items Skipped still increment; also the number of items is their sum. With repositories, items describe the total number of items that were scanned or skipped during a scan.

Scanners (the DLP Discover installations that run scans) create files in temporary directories while scanning attachments. These files are deleted after the scan. DLP Discover offers a secure way to delete the files which is time intensive. If a scanner that contains the repository is secure, disable this feature to improve performance.

This guide assumes you are familiar with DLP Discover. Review the Trustwave DLP Discover User Guide for Stand-Alone Installations for how to create and run a scan policy and for what to do with its scan results.

IntroductionCopyright © 2017 Trustwave Holdings, Inc. All rights reserved. 6


Events found in repositories cannot be remediated manually or automatically during the scan. Files in repository targets cannot record their properties or permissions. Because these file attributes are unavailable, the Scan Since information for a file in a repository targets is also unavailable.

1.2 Deployment OptionsTrustwave DLP Discover offers two types of deployments: stand-alone or organizational. Stand-alone deployments features very few (often one) instances of DLP Discover, while organizational deployments have installations of DLP Discover throughout an enterprise. In a stand-alone configuration, DLP Discover can target repositories in any of its scan policies. Organizational deployment only allow repository targets in local scan policies. See Trustwave DLP Discover User Guide for Organizations for more information about local scan policies.

IntroductionCopyright © 2017 Trustwave Holdings, Inc. All rights reserved. 7


2 SharePoint Scan Targets

DLP Discover can scan SharePoint sites and sub-sites. It initiates each scan by logging in with the account credentials provided in the scan target's connection. It then scans the target indicated provided it has permission to access the data that is there. DLP Discover assumes that its user account only has permissions to the sites that it should scan. If DLP Discover cannot access a site or its data, it assumes it should not scan that area and skips ahead without an error.

Because DLP Discover is limited to the permissions of the account it uses to log into SharePoint, you must provide credentials that have permission to the Server Web Application and data that DLP Discover should scan. If it does not, then DLP Discover will only scan what it has permission to access.

To target Microsoft SharePoint sites for scanning:

1. On the Policy Management tab, open the Organization tab.

DLP Discover requires no special configurations to scan sites in Microsoft SharePoint except credentials to a SharePoint account that has permission to access the targets sites.

SharePoint Scan TargetsCopyright © 2017 Trustwave Holdings, Inc. All rights reserved. 8


2. In the Organization editor, open [DLP Discover machine].Copies of any existing audit polices appear under this node.

3. Create or edit an audit policy.

4. On the Scan Targets tab, click Add Repository.

The Select Repository Type dialog box opens.

In an organizational deployment, select a scan policy under the Agents and Scanners node. Repository scan targets are not available to scan policies anywhere else in the hierarchy.



a. Select Microsoft SharePoint and click OK.The SharePoint Target dialog box opens.

b. If necessary, add a connection or select a connection from the Connection drop down list. Click the image below to watch a video on how to create a connection..



c. Select a connection in the Connection drop down list. Each connection targets a specific location in a repository. Connections allow you to build repository targets in order to scan different items within the same repository. For instance, you can have two scan policies: one that scans all calendars within a group and another that scans only the inboxes of a few members in the group. Both policies can use the same connection. When you create a repository scan target, you select a connection to use. The list of available connections that you may choose from is based on the type of repository you are targeting. If you edit a connection, DLP Discover applies that change to all scan targets that use that connection

d. Enter a name for the target in the Name field. This name will appear on the scan policy's Scan Targets tab.

e. In the Target Path field, enter the path to the site or sub-site that you want to scan. This path is appended to the connection's server web application URL.

f. In the Scan area, mark which items to scan.

g. If a file can be accessed through multiple paths or shortcuts, you can prevent it from being scanned multiple times by enabling Only scan unique files once.

h. To delete temporary files created while scanning in a way that the files cannot be recovered, select Secure delete temporary files. This is selected by default.

i. To suppress errors if scan targets are not present or accessible, mark Skip without error.

j. Click OK.

If you want to choose more than one site, select a common root for the site or create multiple connections.


About Trustwave®Trustwave helps businesses fight cybercrime, protect data and reduce security risk. With cloud and managed security services, integrated technologies and a team of security experts, ethical hackers and researchers, Trustwave enables businesses to transform the way they manage their information security and compliance programs. More than 2.7 million businesses are enrolled in the Trustwave TrustKeeper® cloud platform, through which Trustwave delivers automated, efficient and cost-effective threat, vulnerability and compliance management. Trustwave is a privately held company, headquartered in Chicago, with customers in 96 countries. For more information, visit https://www.trustwave.com.

https://www.trustwave.comhttps://www.trustwave.com

Trustwave DLP Discover Integration Guide For Microsoft SharePoint®Legal NoticeRevision HistoryChapter DescriptionsFormatting ConventionsTable 1: Formatting Conventions

Table of Contents

1 Introduction1.1 Repository Scan Targets1.2 Deployment Options

2 SharePoint Scan Targets

Documents

Trustwave DLP Discover Integration Guide For Microsoft ...discoverservice.vericept.com/Discover/TrustwaveDLP... · This book is the Trustwave DLP Discover Integration Guide for Microsoft