Guides
ProductDeveloperPartnerPersonal
ProductDeveloperPartnerPersonal

Discovery Scan

Suggest Edits

Discovery Scan inspects the content of all files in the tenant that are modified over the selected date range. As files in the selected tenant are scanned upon content change and context (sharing) change, Umbrella assesses the file. If Umbrella detects a violation, the offending file is listed in the Data Loss Prevention Report.
This topic walks you through how to initiate a scan and how to cancel an ongoing scan.

Note: A discovery scan must be triggered around 24 hours after tenant authorization as the system evaluates and enumerates the users in the organization. Any triggering beforehand might not include all users. Umbrella performs discovery scans on file of up to 50 MB. For each file, the scan extracts up to the first 5 MB of plain text from the file, and scans that data for violations.

Initiate a Discovery Scan

  1. Navigate to Policies > Management > Data Loss Prevention Policy.
  2. Click Discovery Scan.
2184
  1. Enter the Scan Details. Choose a platform and tenant of the platform from the drop-down lists. You can select multiple tenants.
2026
  1. Select where in uploaded files you would like the scan to search for the data classifications that you choose.
  • Content—(Default) Searches only the content of files for the selected data classifications.
  • File Name—Searches only file names for the selected data classifications.
  • Content and File Name—Searches content and file names for the selected data classifications. Both content and file name do not need to match for the scan to apply, only one or the other.

Note: Choosing Content, File Name, or Content and File Name refers to scanning file uploads for the selected data classifications and configured file labels.

Select the required Data Classification of your choice.

  1. Select the required Data Classification of your choice.

You may filter by Data Classification names using the Search Classifications box.

  1. Enter the Date Range to define the scanning scope. Note that only files modified in the selected date range are scanned.
1370
  1. Click Scan to initiate.
  2. Click Continue and Scan.

Note: Only one scan executes at a time. The scan might take a while. Once completed, you can initiate another scan.

988
  1. Click Discovery Report to view the progress of the scan results.
    For more information on DLP reports, refer to DLP Report.

Cancel a Discovery Scan

  1. Navigate to Reporting > Additional Reports > Data Loss Prevention.
  2. Switch to the Discovery tab.
1984
  1. Click Cancel Scan. Results of the ongoing scan are displayed in the ribbon.
    Note that the cancelation of a scan might take a few minutes.
  1. You can choose to either discard or keep the scan results and history. Click Cancel Scan.
1096

Add a SaaS API Rule to the Data Loss Prevention Policy < Discovery Scan > Edit a Data Loss Prevention Rule

Updated 15 days ago