Settings
Last updated
Was this helpful?
Last updated
Was this helpful?
You can configure parameters, exclusions, and matching rules for the Share Audit module with the Settings page.
You can configure Max Depth, Max File Size,Number of Characters Before Match ,Number of Characters After Match,Extensions, and Exclusions with General Settings.
Max Depth
Specifies the maximum folder depth that the Share Audit module will process.
Max File Size - KB
Specifies the maximum size of files that the Share Audit module will process.
Extensions
Specifies the file extensions that the Share Audit module will process.
Exclusion
Specifies the IP addresses that the Share Audit module will not process. Input can be an IP Address, CIDR, Range notation, or defined as General to exclude specific shares and folders.
Number of Characters Before Match
Specifies the number of characters to include before the matching pattern in the processed data.
Number of Characters After Match
Specifies the number of characters to include after the matching pattern in the processed data.
Each matching rule is designated as an Inclusion. You can create matching rules with Name, Status, Severity, IP Range, Folder Path Regex, File Name Regex, and File Content Regex parameters.
Name
Name of the matching rule.
Severity
Risk level of matching rule.
Is Active
Status of the rule.
IP Range
Specifies the IP range of the machines to be scanned. IP range can be specified in formats such as 10.10.10.10, 8.8.8.8/24, or 6.6.6.6.20-82. If this field is empty, all machines will be scanned.
Folder Path Regex
Specifies the paths to be scanned based on the regex pattern. If this field is .* all folders will be scanned.
File Name Regex
Specifies the name of the files to be scanned based on the regex pattern. If this field is .* all files will be scanned.
File Content Regex
Specifies the regex pattern used to search for secrets in files. If this field is .* all data will be matched.
Each matching rule can have multiple Exclusion Rules to filter the output. You can create exclusion rules with Name, IP Range, Folder Path Regex, File Name Regex, and File Content Regex parameters.
Name
Name of the exclusion rule.
Is Active
Status of the exclusion rule.
IP Range
Specifies the IP range of the machines to be excluded. IP range can be specified in formats such as 10.10.10.10, 8.8.8.8/24, or 6.6.6.6.20-82. If this field is empty, all machines will be excluded.
Folder Path Regex
Specifies the paths to be excluded based on the regex pattern. If this field is .* all folders will be excluded.
File Name Regex
Specifies the name of the files to be excluded based on the regex pattern. If this field is .* all files will be excluded.
File Content Regex
Specifies the regex pattern used to exclude content. If this field is .* all data will be excluded.
This matching rule finds the passwords between SQLSRV1.forestall.labs and SQLSRV100.forestall.labs. Machines between SQLSRV15.forestall.labs and SQLSRV33.forestall.labs and matches containing password=WqkgtnA134j are excluded from the rule.
