Discovery Scan inspects the content of all files in the tenant that are modified over the selected date range. As files in the selected tenant are scanned upon content change and context (sharing) change, Umbrella assesses the file. If Umbrella detects a violation, the offending file is listed in the Data Loss Prevention Report.
This topic walks you through how to initiate a scan and how to cancel an ongoing scan.
Note: A discovery scan must be triggered around 24 hours after tenant authorization as the system evaluates and enumerates the users in the organization. Any triggering beforehand might not include all users. The size limit for files to be scanned is 5MB.
Initiate a Discovery Scan
- Navigate to Policies > Management > Data Loss Prevention Policy.
- Click Discovery Scan.
- Enter the Scan Details. Choose a platform and tenant of the platform from the drop-down lists.
- Select the required Data Classification of your choice. You can select multiple tenants.
- Enter the Date Range to define the scanning scope. Note that only files modified in the selected date range are scanned.
- Click Scan to initiate.
- Click Continue and Scan.
Note: Only one scan executes at a time. The scan might take a while. Once completed, you can initiate another scan.
- Click Discovery Report to view the progress of the scan results.
For more information on DLP reports, refer to DLP Report.
Cancel a Discovery Scan
- Navigate to Reporting > Additional Reports > Data Loss Prevention.
- Switch to the Discovery tab.
- Click Cancel Scan. Results of the ongoing scan are displayed in the ribbon.
Note that the cancelation of a scan might take a few minutes.
- You can choose to either discard or keep the scan results and history. Click Cancel Scan.
Updated about a month ago