Settings

You can configure parameters, exclusions, and matching rules for the Share Audit module with the Settings page.

General Settings

You can configure Max Depth, Max File Size,Number of Characters Before Match ,Number of Characters After Match,Extensions, and Exclusions with General Settings.

Share Audit General Settings
Setting
Description

Max Depth

Specifies the maximum folder depth that the Share Audit module will process.

Max File Size - KB

Specifies the maximum size of files that the Share Audit module will process.

Extensions

Specifies the file extensions that the Share Audit module will process.

Exclusion

Specifies the IP addresses that the Share Audit module will not process. Input can be an IP Address, CIDR, Range notation, or defined as General to exclude specific shares and folders.

Number of Characters Before Match

Specifies the number of characters to include before the matching pattern in the processed data.

Number of Characters After Match

Specifies the number of characters to include after the matching pattern in the processed data.

Matching Rules

Inclusion Rule

Each matching rule is designated as an Inclusion. You can create matching rules with Name, Status, Severity, IP Range, Folder Path Regex, File Name Regex, and File Content Regex parameters.

Matching Rule
Setting
Description

Name

Name of the matching rule.

Severity

Risk level of matching rule.

Is Active

Status of the rule.

IP Range

Specifies the IP range of the machines to be scanned. IP range can be specified in formats such as 10.10.10.10, 8.8.8.8/24, or 6.6.6.6.20-82. If this field is empty, all machines will be scanned.

Folder Path Regex

Specifies the paths to be scanned based on the regex pattern. If this field is .* all folders will be scanned.

File Name Regex

Specifies the name of the files to be scanned based on the regex pattern. If this field is .* all files will be scanned.

File Content Regex

Specifies the regex pattern used to search for secrets in files. If this field is .* all data will be matched.

Exclusion Rule

Each matching rule can have multiple Exclusion Rules to filter the output. You can create exclusion rules with Name, IP Range, Folder Path Regex, File Name Regex, and File Content Regex parameters.

Exclusion Rule
Setting
Description

Name

Name of the exclusion rule.

Is Active

Status of the exclusion rule.

IP Range

Specifies the IP range of the machines to be excluded. IP range can be specified in formats such as 10.10.10.10, 8.8.8.8/24, or 6.6.6.6.20-82. If this field is empty, all machines will be excluded.

Folder Path Regex

Specifies the paths to be excluded based on the regex pattern. If this field is .* all folders will be excluded.

File Name Regex

Specifies the name of the files to be excluded based on the regex pattern. If this field is .* all files will be excluded.

File Content Regex

Specifies the regex pattern used to exclude content. If this field is .* all data will be excluded.

Example

This matching rule finds the passwords between SQLSRV1.forestall.labs and SQLSRV100.forestall.labs. Machines between SQLSRV15.forestall.labs and SQLSRV33.forestall.labs and matches containing password=WqkgtnA134j are excluded from the rule.

Example Matching Rule
PreviousSecretsNextIntegrations

Last updated

Was this helpful?