I have configured network discover with some policy but it is not working and traffic is also not showing in console.
Both file server and discover are on VM.
Do I need to set any properties for that?
Server network discover traffic is not showing like endpoint discover.
Not able to see any traffic in this; the policy is working fine for removable media.
We need to define only quarantine response rule compulsory
Hello,
For network discover you have to define some complementary tasks:
- scanner
- scanner target
- schedule period of run (or start one time scan)
Network discover won't analyze storage content once installed as other detection servers.
Regards
Hi Stephane,
I have created Content Root Enumeration successfully
Add into scan target
Define DCM Policy simply key word matching policy
Assign to network discover policy group
Define quarantine response rule
Run the scan target manually
Find attached logs for more information.
We are not getting the below-mentioned logs:
ScanDetail-target-0.log
What output do you have in the "Scan History" page?
You should have amount of data analyzed / nb incident raised / nb errors and it must show that scan is running?
regards
Scan is running only or scanning
Did you see any increase in amount of data analyzed by DLP? And total amount of data to be analyzed by scanner?
After any scanning it is showing only scanning.
It looks like there is no directory to scan on your target (no errors / no data analyzed).
Did you define some directory to scan in target def? Did you check that they are accessible from your discover server (in this case usually there is an error message but...)?
if you have any best practice to follow send me
share drive is accessible from
because of alerts we are not getting share drive
Hello Deepak,
So it looks like this is your main issue: content root enumeration does not work.
Could you share with us the message content of these alerts?
Find alerts logs
But I am searching only one IP address at a time.
For that IP I get proper share drive.
1/ You could try to copy and paste shared drive names from content root enumeration into target scan def... this will allow us to know if the issue is due to content root enumeration or scanners.
2/ Check in this shared drive if there is any file to scan (not excluded by your target scan configuration (if you set any filters in it)). Do this operation from your discover servers and with the account defined in your discover target.
You wrote there is no ScanDetail-target-0.log available... did you check if you have this file available on the discover server?
Thanks for the reply, guys.
Issue is resolved; it was related to AD.
I have created a new test AD and synced with that.