Data Loss Prevention

 View Only

  • 1.  Exclude column in database scan

    Posted Aug 23, 2012 08:08 AM

    We're trying to run a scan against an Oracle database but are getting false positives from a particular column in the database. I know there is a way to ignore a whole table, but is there a way to ignore just a column?

    For instance, the scan would look like this: 
    oracle:@//SERVER:1521/DB_NAME

    The exclude for a table looks like:
    *|TABLE_TO_EXCLUDE

    So what would excluding a column look like; if it's possible.

    Thanks,
    Aaron



  • 2.  RE: Exclude column in database scan

    Posted Aug 24, 2012 12:48 AM

    what about an advanced EDM rule? and when it runs the index select the option to ignore that column or run an nitley report as a csv and use the CSV for the EDM and run the index telling what columns you want to use or match on. this is completely automated as you place the file int he datafiles folder and it will also take the newest file as it will overwrite the old one as long as it is the same name. hope this helps i have not found a real good solution either.



  • 3.  RE: Exclude column in database scan

    Posted Aug 24, 2012 07:49 AM

    While I'd love to get them to do an EDM, it's not going to happen.

    Thanks for the idea though.



  • 4.  RE: Exclude column in database scan
    Best Answer

    Posted Aug 24, 2012 06:34 PM

    Here's what you do.  You need to modify your sqldatabasecrawler.properties file. Use the following parameters.

     

    # Oracle
    driver_class.oracle = oracle.jdbc.OracleDriver
    driver_subprotocol.oracle = oracle:thin
    driver_table_query.oracle = SELECT listagg (utc.column_name, ', ') WITHIN GROUP (ORDER BY utc.table_name) || ' FROM ' || utc.table_name, null FROM   user_tab_cols utc, user_tables ut WHERE ut.table_name = utc.table_name AND column_name NOT LIKE '%ID' AND (ut.iot_type is null or not ut.iot_type = 'IOT_OVERFLOW') AND not exists (select unt.table_name from user_nested_tables unt where unt.table_name = ut.table_name) GROUP BY utc.table_name
    driver_row_selector.oracle = SELECT {0} WHERE rownum <= {2}
    driver_jar.oracle = ojdbc6.jar
    quote_table_names.oracle = true

     

    My query, in this case, is getting any column that does NOT end with 'ID'.  So you could adjust that to make it specific to the column name you want to exclude.

    Not ideal in that you can't control it from the UI, but if it's only one col that's giving you trouble, you could do it.

    Test on your own...I made this up in about 30 minutes to see if I could do it, so it may not be battle worthy and might need some adjustment.

    ~Keith



  • 5.  RE: Exclude column in database scan

    Posted Aug 25, 2012 03:31 PM

    keith

    what needs to be changed to do this is in SQL?



  • 6.  RE: Exclude column in database scan

    Posted Aug 27, 2012 07:54 AM

    Keith,

    Thanks for the info. I figured it could be done in the query itself. Too bad it's not able to be configured from the GUI. Perhaps I'll put that in a feature request.

    Thanks,

    Aaron