Data Loss Prevention

Hi

is it possible to perform a discover and alert with folders with Everyone access.

Regards

I am not sure what you are asking.. can you please clarify?

The discover can scan any Share as long as you provide the right Credentials to access it.

Hi

I want to scan folders that are open to "Everyone" in other words granted with "Everyone" permission access.

I don't know of a way to build it into a policy,
or create a response rule to alert,
or alter a discover target to scan only those shares/files where Everyone has access.

It's possible to do this after scanning. Create a report and add a filter like so;

(There is another filter for the share level)

Schedule the report to be sent on whatever interval is appropriate.

Aviva, 

So this is more of a permissons question and how to scan with it.

You will need to create a user account that has limited access permissions.

So that the only places that user can access is if the share is open to 'Everyone'.

Then when you scan a target or server, just point it to the shares and use that account and it will ONLY scan what it can get to. It will scan what it can access and if its not accesible it will error out (no Access). Just make sure you configure the discover scans to NOT stop after X number of errors. 

Good Luck

Ronak

Marked solved if possible

Thinking about my reply....

This will only get you a list of files/shares that have actually violated a DLP policy.  If there's a Word document that accessible by 'Everyone' but doesn't contain sensitive data, it won't generate an incident so it won't show-up in Enforce.

Something to keep in mind with this approach is that depending on the type of security monitoring going on in your environment, you may trip off some alarms by scanning a bunch of shares the account doesn't have access to.