diff --git a/.gitignore b/.gitignore index 6f330fdbd5..0eef3377bd 100644 --- a/.gitignore +++ b/.gitignore @@ -15,6 +15,8 @@ build claude_logs packages +package.json +package-lock.json # Copied KB content (generated by scripts/copy-kb-to-versions.js) docs/*/kb/** diff --git a/docs/accessanalyzer/11.6/admin/datacollector/fsaa/appletsettings/_category_.json b/docs/accessanalyzer/11.6/admin/datacollector/fsaa/appletsettings/_category_.json new file mode 100644 index 0000000000..d55e69cd3e --- /dev/null +++ b/docs/accessanalyzer/11.6/admin/datacollector/fsaa/appletsettings/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "FSAA: Applet Settings", + "position": 30, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "appletsettings" + } +} \ No newline at end of file diff --git a/docs/accessanalyzer/11.6/admin/datacollector/fsaa/appletsettings.md b/docs/accessanalyzer/11.6/admin/datacollector/fsaa/appletsettings/appletsettings.md similarity index 97% rename from docs/accessanalyzer/11.6/admin/datacollector/fsaa/appletsettings.md rename to docs/accessanalyzer/11.6/admin/datacollector/fsaa/appletsettings/appletsettings.md index 82dba7cfde..985de0e99c 100644 --- a/docs/accessanalyzer/11.6/admin/datacollector/fsaa/appletsettings.md +++ b/docs/accessanalyzer/11.6/admin/datacollector/fsaa/appletsettings/appletsettings.md @@ -6,7 +6,7 @@ sidebar_position: 30 # FSAA: Applet Settings -The Applet Settings page configures how the File System Access Audit (FSAA) applet is launched and how it behaves during a scan. It is a wizard page for the categories of: +The Applet Settings page configures how the File System Access Audit (FSAA) applet launches and how it behaves during a scan. This wizard page applies to these scan categories: - File System Access/Permission Auditing Scan - File System Activity Scan @@ -129,7 +129,7 @@ In the Certificate Exchange Options section, configure the following options: - Port – Select the checkbox to specify the port number for certificate exchange. The Default port number is 8767. -- Enable SPN mapping – Provide a custom Service Principal Name (SPN) per applet host when the automatically generated SPN isn't valid (for example, when the applet host sits behind a proxy). See the [FSAA: SPN Mapping](/docs/accessanalyzer/11.6/admin/datacollector/fsaa/spnmapping.md) topic for additional information. +- Enable SPN mapping – Provide a custom Service Principal Name (SPN) per applet host when the automatically generated SPN isn't valid (for example, when the applet host sits behind a proxy). See the [FSAA: SPN Mapping](/docs/accessanalyzer/11.6/admin/datacollector/fsaa/appletsettings/spnmapping.md) topic for additional information. See the [FSAA Applet Certificate Management Overview](/docs/accessanalyzer/11.6/admin/datacollector/fsaa/certificatemanagement/certificatemanagement.md) diff --git a/docs/accessanalyzer/11.6/admin/datacollector/fsaa/spnmapping.md b/docs/accessanalyzer/11.6/admin/datacollector/fsaa/appletsettings/spnmapping.md similarity index 99% rename from docs/accessanalyzer/11.6/admin/datacollector/fsaa/spnmapping.md rename to docs/accessanalyzer/11.6/admin/datacollector/fsaa/appletsettings/spnmapping.md index d6a05ad429..1f7fffa0a7 100644 --- a/docs/accessanalyzer/11.6/admin/datacollector/fsaa/spnmapping.md +++ b/docs/accessanalyzer/11.6/admin/datacollector/fsaa/appletsettings/spnmapping.md @@ -1,7 +1,7 @@ --- title: "Configuring Custom SPN Mapping for Applet Hosts" description: "FSAA: SPN Mapping" -sidebar_position: 31 +sidebar_position: 20 --- # Configuring Custom SPN Mapping for Applet Hosts diff --git a/docs/accessanalyzer/11.6/admin/datacollector/fsaa/certificatemanagement/manualcertificate.md b/docs/accessanalyzer/11.6/admin/datacollector/fsaa/certificatemanagement/manualcertificate.md index 5a12f2dab6..869349fdc4 100644 --- a/docs/accessanalyzer/11.6/admin/datacollector/fsaa/certificatemanagement/manualcertificate.md +++ b/docs/accessanalyzer/11.6/admin/datacollector/fsaa/certificatemanagement/manualcertificate.md @@ -11,7 +11,7 @@ use the `FSAACertificateManager.exe` tool. The `FSAACertificateManager.exe` tool `StealthAUDIT\PrivateAssemblies\FILESYSTEMACCESS\Applet` directory. All commands in the tool are case-sensitive. -Follow the steps to use the tool to create and store the required certificates. +## Create and store the required certificates :::note In these steps, some commands need to be run on the Enterprise Auditor console and some on @@ -22,7 +22,7 @@ the Proxy host. In the provided example commands: - All files that are generated by the Certificate Manager or copied to the Enterprise Auditor console are placed in the `%SAInstallDir%\PrivateAssemblies\FILESYSTEMACCESS\Applet\My Certificates` directory. This folder - is created by the tool if it does not already exist. + is created by the tool if it doesn't already exist. - When operating on the proxy host, files are placed into the root of the **FSAA** folder :::tip @@ -30,8 +30,8 @@ Remember, all commands in the `FSAACertificateManager.exe` tool are case-sensiti ::: -**Step 1 –** Create a Certificate Authority (CA). The CA is a self signed certificate that will be -used to sign the client and server certificates. On the Enterprise Auditor console, run the +**Step 1 –** Create a Certificate Authority (CA). The CA is a self-signed certificate that signs +the client and server certificates. On the Enterprise Auditor console, run the following command: ``` @@ -97,7 +97,7 @@ Successfully added FSAA_Client_Auth to Client the following command: :::note -This conversion to a CER file is necessary so that the private key of the CA is not +This conversion to a CER file is necessary so that the private key of the CA isn't shared. ::: @@ -113,11 +113,11 @@ Successfully wrote CER certificate to .\My Certificates\MyFSAACA.cer ``` **Step 6 –** Copy `FSAACertficateManager.exe` and the CA CER file (`.\My Certificates\MyFSAACA.cer`) -to the proxy host that will be running `FSAAAppletServer.exe`. These files must be copied to the -same directory. +to the proxy host that will be running `FSAAAppletServer.exe`. Place both files in the same +directory. :::note -These copied files will be deleted from the destination directory later in Step 12. +You will delete these copied files from the destination directory later in Step 12. ::: @@ -186,13 +186,13 @@ Successfully added FSAA_Server_Auth to Server **Step 11 –** Repeat Steps 6-10 for each proxy host. -**Step 12 –** Delete all the PFX, CER, and Key files that were generated or copied in the above +**Step 12 –** Delete all the PFX, CER, and Key files that were generated or copied in the earlier steps from the output locations. All of the required FSAA certificates have been stored in the FSAA managed certificate stores. The FSAA queries need to be configured to use the **Manual** certificate exchange option. This option can be found under Applet Settings in the FSAA Data Collector Wizard. See the -[FSAA: Applet Settings](/docs/accessanalyzer/11.6/admin/datacollector/fsaa/appletsettings.md) +[FSAA: Applet Settings](/docs/accessanalyzer/11.6/admin/datacollector/fsaa/appletsettings/appletsettings.md) topic for additional information. For additional information on how to use the `FSAACertificateManager.exe` tool, run the diff --git a/docs/accessanalyzer/11.6/admin/datacollector/fsaa/overview.md b/docs/accessanalyzer/11.6/admin/datacollector/fsaa/overview.md index b945a38798..f902ee28d5 100644 --- a/docs/accessanalyzer/11.6/admin/datacollector/fsaa/overview.md +++ b/docs/accessanalyzer/11.6/admin/datacollector/fsaa/overview.md @@ -33,16 +33,15 @@ topic for additional information. **Sensitive Data Discovery Considerations** The Sensitive Data Discovery Add-On must be installed on the Enterprise Auditor Console server, -which enables Sensitive Data criteria for scans. If running Sensitive Data Discovery (SDD) scans, it -will be necessary to increase the minimum amount of RAM. Each thread requires a minimum of 2 +which enables Sensitive Data criteria for scans. If running Sensitive Data Discovery (SDD) scans, you +must increase the minimum amount of RAM. Each thread requires a minimum of 2 additional GB of RAM per host. By default, SDD scans are configured to run two concurrent threads. For example, if the job is configured to scan 8 hosts at a time with two concurrent SDD threads, then an extra 32 GB of RAM are required (8x2x2=32). :::tip -Remember, if employing either of the File System Proxy Mode as a Service scan mode options, it is -also necessary for the Sensitive Data Discovery Add-on to be installed on the server where the proxy -service is installed. +Remember, if employing either of the File System Proxy Mode as a Service scan mode options, you must +also install the Sensitive Data Discovery Add-on on the server where the proxy service is installed. ::: @@ -52,7 +51,7 @@ The FSAA Data Collector is configured through the File System Access Auditor Dat The wizard contains the following pages, which change based up on the query category selected: - [FSAA: Query Selection](/docs/accessanalyzer/11.6/admin/datacollector/fsaa/queryselection.md) -- [FSAA: Applet Settings](/docs/accessanalyzer/11.6/admin/datacollector/fsaa/appletsettings.md) +- [FSAA: Applet Settings](/docs/accessanalyzer/11.6/admin/datacollector/fsaa/appletsettings/appletsettings.md) - [FSAA: Scan Server Selection](/docs/accessanalyzer/11.6/admin/datacollector/fsaa/scanserverselection.md) - [FSAA: Scan Settings](/docs/accessanalyzer/11.6/admin/datacollector/fsaa/scansettings.md) - [FSAA: Azure Tenant Mapping](/docs/accessanalyzer/11.6/admin/datacollector/fsaa/azuretenantmapping.md) diff --git a/docs/accessanalyzer/11.6/admin/datacollector/fsaa/updateservicesettings.md b/docs/accessanalyzer/11.6/admin/datacollector/fsaa/updateservicesettings.md index 9ebd66b86e..3b089fcb7f 100644 --- a/docs/accessanalyzer/11.6/admin/datacollector/fsaa/updateservicesettings.md +++ b/docs/accessanalyzer/11.6/admin/datacollector/fsaa/updateservicesettings.md @@ -6,23 +6,22 @@ sidebar_position: 140 # FSAA: FSAA Update Service Setting -The FSAA Update Service Setting page is where the File System Proxy Service can be automatically -updated on hosts where the service has already been installed. It requires the File System Proxy -Service to be v8.0 or later prior to using this feature. It is a wizard page for the category of -Update Proxy Service. +Use the FSAA Update Service Setting page to automatically update the File System Proxy Service on +hosts where the service is already installed. This page requires the File System Proxy Service to be +v8.0 or later. This wizard page applies to the Update Proxy Service category. ![FSAA Data Collector Wizard FSAA Update Service Setting page](/images/accessanalyzer/11.6/admin/datacollector/fsaa/updateservice.webp) Configure the settings for the targeted File System Proxy Service: - Port number – The default port number is 8766 -- Applet communication timeout: [number] minute(s) – This option determines the length of time (in +- Applet communication timeout: [number] minutes – This option determines the length of time (in minutes) the Enterprise Auditor Console attempts to reach the proxy before giving up. Depending on the job configuration, the data collector behaves in one of three ways after the timeout value has been exceeded. -- Scan cancellation timeout: [number] minute(s) – When selected, this option will timeout the applet - if there is an attempt to pause the scan and the applet does not respond +- Scan cancellation timeout: [number] minutes – When selected, this option will timeout the applet + if there is an attempt to pause the scan and the applet doesn't respond See the -[FSAA: Applet Settings](/docs/accessanalyzer/11.6/admin/datacollector/fsaa/appletsettings.md) +[FSAA: Applet Settings](/docs/accessanalyzer/11.6/admin/datacollector/fsaa/appletsettings/appletsettings.md) topic for additional information. diff --git a/docs/accessanalyzer/11.6/requirements/filesystem/scanoptions/proxymodescans/asaservice/proxymodeservicepermissions.md b/docs/accessanalyzer/11.6/requirements/filesystem/scanoptions/proxymodescans/asaservice/proxymodeservicepermissions.md index 0d9b64ce00..3d7ac46d2b 100644 --- a/docs/accessanalyzer/11.6/requirements/filesystem/scanoptions/proxymodescans/asaservice/proxymodeservicepermissions.md +++ b/docs/accessanalyzer/11.6/requirements/filesystem/scanoptions/proxymodescans/asaservice/proxymodeservicepermissions.md @@ -8,10 +8,10 @@ sidebar_position: 10 When File System scans are run in proxy mode as a service, there are two methods available for deploying the service: -* Pre-Installed File System Proxy Service – File System Proxy Service installation package must be installed on the Windows proxy servers prior to executing the scans. This is the recommended method. +* Pre-Installed File System Proxy Service – File System Proxy Service installation package must be installed on the Windows proxy servers before executing the scans. This is the recommended method. * Ad Hoc File System Proxy Service Deployment – File System Proxy Service is installed on the Windows proxy server when the job is executed -The data collection processing is conducted by the proxy server where the service is running and leverages a local mode-type scan to each of the target hosts. The final step in data collection is to compress and transfer the data collected in the SQLite databases, or Tier 2 databases, back to the Access Analyzer Console server. +The proxy server where the service runs conducts data collection processing and uses a local mode-type scan to each of the target hosts. The final step in data collection is to compress and transfer the data collected in the SQLite databases, or Tier 2 databases, back to the Access Analyzer Console server. **File System Proxy Service Credentials** @@ -26,20 +26,20 @@ Additionally, the credential must have `WRITE` access to the `…\StealthAUDIT\F **Sensitive Data Discovery Auditing Consideration** -Sensitive Data Discovery Auditing scans require .NET Framework 4.7.2 or later. If running Sensitive Data Discovery (SDD) scans, it will be necessary to increase the minimum amount of RAM. Each thread requires a minimum of 2 additional GB of RAM per host.. By default, SDD scans are configured to run two concurrent threads. For example, if the job is configured to scan 8 hosts at a time with two concurrent SDD threads, then an extra 32 GB of RAM are required (8x2x2=32). +Sensitive Data Discovery Auditing scans require .NET Framework 4.7.2 or later. If running Sensitive Data Discovery (SDD) scans, you must increase the minimum amount of RAM. Each thread requires a minimum of 2 additional GB of RAM per host. By default, SDD scans are configured to run two concurrent threads. For example, if the job is configured to scan 8 hosts at a time with two concurrent SDD threads, then an extra 32 GB of RAM are required (8x2x2=32). **Secure Proxy Communication Considerations** For secure proxy communication via https, a credential is supplied during installation to provide secure communications between the Access Analyzer server and the proxy server. This credential must -be a domain account, but no additional permissions are required. It is recommended to use the same -domain account configured to run the proxy service as a credential in the Connection Profile to be -used by the File System Solution +be a domain account, but no additional permissions are required. Use the same domain account +configured to run the proxy service as the credential in the Connection Profile that the File +System Solution uses. **Secure Proxy Communication and Certificate Exchange** For Proxy Mode as a Service Scans, the certificate exchange mechanism and certificate exchange port -must be configured via the File System Access Auditing Data Collector Wizard prior to executing a +must be configured via the File System Access Auditing Data Collector Wizard before executing a scan. See the [FSAA Applet Certificate Management Overview](/docs/accessanalyzer/11.6/admin/datacollector/fsaa/certificatemanagement/certificatemanagement.md) topic for additional information. @@ -54,9 +54,9 @@ rule information. - Target Access (Proxy ↔ Targets): Connection Profile Account :::note -If the service is deployed by the File System Scan job (as opposed to manually installed), the account used by the connection profile will be used to run the FSAA Proxy Service unless Run service as Local System is checked on the Applet Settings page of the job query. Alternatively, a credential added to the connection profile using either Task (Local) or Task (Domain) can be used to run the service. +If the service is deployed by the File System Scan job (as opposed to manually installed), the account used by the connection profile will be used to run the FSAA Proxy Service unless Run service as Local System is checked on the Applet Settings page of the job query. Alternatively, you can add a credential to the connection profile using either Task (Local) or Task (Domain) to run the service. -If the target host resides in a different domain than the proxy server and there is no trust relationship between the two domains, a task credential for the proxy domain is required to be stacked with the credential for scanning the target file system. +If the target host resides in a different domain than the proxy server and there is no trust relationship between the two domains, you must stack a task credential for the proxy domain with the credential for scanning the target file system. For example: Scanning Configuration: NAA Console [Domain A] → Proxy Server [Domain A] → File Server [Domain B] Connection Profile: @@ -64,16 +64,16 @@ Active Directory Account | Domain B\Credentials Task (Domain) | Domain A\Credentials ::: -## How do I determine if I’m using Proxy Mode with Service scanning? +## Verify Proxy Mode with Service scanning -The best way to verify if you’re using Proxy Mode with Service scanning is via the FSAA Data Collector Query Settings:: +To verify Proxy Mode with Service scanning, check the FSAA Data Collector Query Settings: ### Pre-Install File System Proxy Service -1. [Applet Settings](https://docs.netwrix.com/docs/accessanalyzer/11_6/admin/datacollector/fsaa/appletsettings) > Applet Launch Mechanism: Require applet to be running as a service on target +1. [Applet Settings](https://docs.netwrix.com/docs/accessanalyzer/11_6/admin/datacollector/fsaa/appletsettings/appletsettings) > Applet Launch Mechanism: Require applet to be running as a service on target 2. [Scan Server Selection](https://docs.netwrix.com/docs/accessanalyzer/11_6/admin/datacollector/fsaa/scanserverselection) > “Specific Remote Server: “ **OR** “Specific Remote Servers by Host List” **_OR_** ### Deploy Service on Scan -1. [Applet Settings](https://docs.netwrix.com/docs/accessanalyzer/11_6/admin/datacollector/fsaa/appletsettings) > Applet Launch Mechanism: Windows Service +1. [Applet Settings](https://docs.netwrix.com/docs/accessanalyzer/11_6/admin/datacollector/fsaa/appletsettings/appletsettings) > Applet Launch Mechanism: Windows Service 2. [Scan Server Selection](https://docs.netwrix.com/docs/accessanalyzer/11_6/admin/datacollector/fsaa/scanserverselection) > “Specific Remote Server: “ **OR** “Specific Remote Servers by Host List” diff --git a/docs/accessanalyzer/11.6/requirements/filesystem/scanoptions/proxymodescans/withapplet/proxymodeappletpermissions.md b/docs/accessanalyzer/11.6/requirements/filesystem/scanoptions/proxymodescans/withapplet/proxymodeappletpermissions.md index 3a22926901..b0ecccea55 100644 --- a/docs/accessanalyzer/11.6/requirements/filesystem/scanoptions/proxymodescans/withapplet/proxymodeappletpermissions.md +++ b/docs/accessanalyzer/11.6/requirements/filesystem/scanoptions/proxymodescans/withapplet/proxymodeappletpermissions.md @@ -6,9 +6,9 @@ sidebar_position: 10 # Proxy Mode with Applet Permissions -When File System scans are run in proxy mode with applet, it means the File System applet is deployed to the Windows proxy server when the job is executed to conduct data collection. The data collection processing is initiated by the proxy server where the applet is deployed and leverages a local mode-type scan to each of the target hosts. The final step in data collection is to compress and transfer the data collected in the SQLite databases, or Tier 2 databases, back to the Access Analyzer Console server. +When File System scans are run in proxy mode with applet, it means the File System applet is deployed to the Windows proxy server when the job is executed to conduct data collection. The proxy server where the applet is deployed initiates data collection processing and uses a local mode-type scan to each of the target hosts. The final step in data collection is to compress and transfer the data collected in the SQLite databases, or Tier 2 databases, back to the Access Analyzer Console server. -Configure the credential(s) with the following rights on the proxy server(s): +Configure the credentials with the following rights on the proxy servers: - Group membership in the local Administrators group - Granted the Backup files and directories local policy privilege @@ -24,8 +24,8 @@ the applet. :::warning -The local policy, “Network access: Do not allow storage of passwords and credentials -for network authentication” must be disabled in order for the applet to start. +The local policy, “Network access: Don't allow storage of passwords and credentials +for network authentication” must be disabled for the applet to start. ::: @@ -40,7 +40,7 @@ information. **Secure Proxy Communication Considerations** For Proxy Mode with Applet scans, the certificate exchange mechanism and certificate exchange port -must be configured via the File System Access Auditing Data Collector Wizard prior to executing a +must be configured via the File System Access Auditing Data Collector Wizard before executing a scan. See the [FSAA Applet Certificate Management Overview](/docs/accessanalyzer/11.6/admin/datacollector/fsaa/certificatemanagement/certificatemanagement.md) topic for additional information. @@ -56,8 +56,8 @@ By default, the Applet will run as the connection profile account unless an addi The account used in the connection profile associated with the File System scan jobs, should have the appropriate permissions required to access the target host. See the [File System Supported Platforms](https://docs.netwrix.com/docs/accessanalyzer/11_6/requirements/filesystem/filesystems/) page for specific requirements per target file system. -## **How do I determine if I’m using Proxy Mode with Applet scanning?** +## Verify Proxy Mode with Applet scanning -The best way to verify if you’re using Proxy Mode with Applet scanning is via the FSAA Data Collector Query Settings below: -1. [Applet Settings](https://docs.netwrix.com/docs/accessanalyzer/11_6/admin/datacollector/fsaa/appletsettings) > Applet Launch Mechanism: MSTask Task Scheduler +To verify Proxy Mode with Applet scanning, check the following FSAA Data Collector Query Settings: +1. [Applet Settings](https://docs.netwrix.com/docs/accessanalyzer/11_6/admin/datacollector/fsaa/appletsettings/appletsettings) > Applet Launch Mechanism: MSTask Task Scheduler 2. [Scan Server Selection](https://docs.netwrix.com/docs/accessanalyzer/11_6/admin/datacollector/fsaa/scanserverselection) > “Specific Remote Server: “ **OR** “Specific Remote Servers by Host List” diff --git a/docs/accessanalyzer/11.6/solutions/filesystem/collection/1-fsaa_system_scans.md b/docs/accessanalyzer/11.6/solutions/filesystem/collection/1-fsaa_system_scans.md index ab72de1497..1ba094df2b 100644 --- a/docs/accessanalyzer/11.6/solutions/filesystem/collection/1-fsaa_system_scans.md +++ b/docs/accessanalyzer/11.6/solutions/filesystem/collection/1-fsaa_system_scans.md @@ -6,8 +6,7 @@ sidebar_position: 40 # 1-FSAA System Scans Job -The 1-FSAA System Scans job is designed to collect access information from the targeted file -servers. +The 1-FSAA System Scans job collects access information from the targeted file servers. ## Query for the 1-FSAA System Scans Job @@ -30,7 +29,7 @@ The following default configurations are commonly customized: - Default Scoping Options page > Scan Settings tab: - - Set to **Limit subfolder scan depth to 2 level(s)** + - Set to **Limit subfolder scan depth to 2 levels** See the [Recommended Configuration for the File System Solution](/docs/accessanalyzer/11.6/solutions/filesystem/recommended.md) @@ -41,8 +40,8 @@ additional information. ### Configure the (FSAA) File System Scan Query The 1-FSAA System Scans job has been preconfigured to run with the default settings with the -category of File system access/permission auditing Scan. Follow the steps to set any desired -customizations. +category of File system access/permission auditing Scan. To customize the configuration, complete +the following steps. **Step 1 –** Navigate to the **FileSystem** > **0.Collection** > **1-FSAA System Scans** > **Configure** node and select the **Queries** node. @@ -54,7 +53,7 @@ opens. Data Collector Wizard opens. :::warning -Do not make changes to other wizard pages as they have been pre-configured for the +Don't make changes to other wizard pages as they have been pre-configured for the purpose of this job. ::: @@ -63,7 +62,7 @@ purpose of this job. **Step 4 –** The Applet Settings page applies to the applet and proxy mode scans. If employing proxy servers, see the -[FSAA: Applet Settings](/docs/accessanalyzer/11.6/admin/datacollector/fsaa/appletsettings.md) +[FSAA: Applet Settings](/docs/accessanalyzer/11.6/admin/datacollector/fsaa/appletsettings/appletsettings.md) topic for configuration instructions. ![Scan Server Selection](/images/accessanalyzer/11.6/solutions/filesystem/collection/fsaaseekserverselection.webp) @@ -80,7 +79,7 @@ for additional information. for additional information. :::note -If streaming is enabled, the **2-FSAA Bulk Import** job is no longer needed as part of the +If you enable streaming, you no longer need the **2-FSAA Bulk Import** job as part of the **0.Collection** job group. ::: @@ -106,13 +105,13 @@ topic for additional information. - Action on failure to enable LAT Preservation – Before scanning each file, FSAA attempts to enable an operating system feature to preserve the LAT when accessing the file. This operation - may fail for a variety of reasons, which include but are not limited to: the operating system - or file system where the file is located does not support LAT preservation, or insufficient + may fail for a variety of reasons, which include but aren't limited to: the operating system + or file system where the file is located doesn't support LAT preservation, or insufficient permissions from the service account trying to access the file. The following configuration addresses a failure to enable the LAT preservation mode: - Continue to scan file silently – FSAA scans the file with the possibility that LAT - preservation is not possible. No warning will be shown. + preservation isn't possible. No warning will be shown. - Continue to scan file with warning – FSAA scans the file with the possibility that LAT will not be preserved. A warning will be shown for this file. - Skip file silently – FSAA will not scan the file. No warning will be shown. @@ -148,8 +147,8 @@ scans. See the [File Details Tab](/docs/accessanalyzer/11.6/admin/datacollector/fsaa/defaultscopingoptions/filedetails.md) :::info -Carefully consider configuring the following settings. Applying filters when file -detail scanning has been enabled reduces the impact on the database. +Carefully consider configuring the following settings. Applying filters after you enable +file detail scanning reduces the impact on the database. ::: @@ -197,7 +196,7 @@ View the analysis task by navigating to the **FileSystem** > **0.Collection** > Scans** > **Configure** node and selecting **Analysis**. :::warning -Do not modify or deselect the selected analysis task. The analysis task is +Don't modify or deselect the selected analysis task. The analysis task is preconfigured for this job. ::: diff --git a/docs/accessanalyzer/11.6/solutions/filesystem/collection/1-fsac_system_scans.md b/docs/accessanalyzer/11.6/solutions/filesystem/collection/1-fsac_system_scans.md index 7241c958f0..8994c6299f 100644 --- a/docs/accessanalyzer/11.6/solutions/filesystem/collection/1-fsac_system_scans.md +++ b/docs/accessanalyzer/11.6/solutions/filesystem/collection/1-fsac_system_scans.md @@ -6,7 +6,7 @@ sidebar_position: 50 # 1-FSAC System Scans Job -The 1-FSAC System Scans job is designed to collect activity events from the targeted file servers. +The 1-FSAC System Scans job collects activity events from the targeted file servers. ## Query for the 1-FSAC System Scans Job @@ -36,7 +36,8 @@ topic for a complete list of customizable settings. See the ### Configure the Activity Scan Query The 1-FSAC System Scans job has been preconfigured to run with the default settings with the -category of File system activity Scan. Follow the steps to set any desired customizations. +category of File system activity Scan. To customize the configuration, complete the following +steps. **Step 1 –** Navigate to the **FileSystem** > **0.Collection** > **1-FSAC System Scans** > **Configure** node and select the **Queries** node. @@ -48,7 +49,7 @@ opens. Data Collector Wizard opens. :::warning -Do not make changes to other wizard pages as they have been pre-configured for the +Don't make changes to other wizard pages as they have been pre-configured for the purpose of this job. ::: @@ -57,7 +58,7 @@ purpose of this job. **Step 4 –** The Applet Settings page applies to the applet and proxy mode scans which are selected on the Scan Server Level Page. If employing proxy servers, see the -[FSAA: Applet Settings](/docs/accessanalyzer/11.6/admin/datacollector/fsaa/appletsettings.md) +[FSAA: Applet Settings](/docs/accessanalyzer/11.6/admin/datacollector/fsaa/appletsettings/appletsettings.md) topic for configuration instructions. ![Scan Server Selection](/images/accessanalyzer/11.6/solutions/filesystem/collection/fsacscanserverselection.webp) diff --git a/docs/accessanalyzer/11.6/solutions/filesystem/collection/1-seek_system_scans.md b/docs/accessanalyzer/11.6/solutions/filesystem/collection/1-seek_system_scans.md index 6cc102cc5b..81f7ea0064 100644 --- a/docs/accessanalyzer/11.6/solutions/filesystem/collection/1-seek_system_scans.md +++ b/docs/accessanalyzer/11.6/solutions/filesystem/collection/1-seek_system_scans.md @@ -6,7 +6,7 @@ sidebar_position: 60 # 1-SEEK System Scans Job -The 1-SEEK System Scans job is designed to collect sensitive data from the targeted file servers. +The 1-SEEK System Scans job collects sensitive data from the targeted file servers. ## Query for the 1-SEEK System Scans Job @@ -25,7 +25,7 @@ The following default configurations are commonly customized: - Default Scoping Options page > Scan Settings tab: - - Set to **Limit subfolder scan depth to 2 level(s)** + - Set to **Limit subfolder scan depth to 2 levels** - Set to **Exclude system shares** - Scoping Options @@ -57,7 +57,7 @@ instructions. ### Configure the (SEEK) File System Scan Query The 1-SEEK System Scans job has been preconfigured to run with the default settings with the -category of Sensitive data Scan. Follow these steps to set any desired customizations. +category of Sensitive data Scan. To customize the configuration, complete the following steps. **Step 1 –** Navigate to the **FileSystem** > **0.Collection** > **1-SEEK System Scans** > **Configure** node and select the **Queries** node. @@ -69,7 +69,7 @@ opens. Data Collector Wizard opens. :::warning -Do not make changes to other wizard pages as they have been pre-configured for the +Don't make changes to other wizard pages as they have been pre-configured for the purpose of this job. ::: @@ -78,7 +78,7 @@ purpose of this job. **Step 4 –** The Applet Settings page applies to the applet and proxy mode scans which are selected on the Scan Server Level page. If employing proxy servers, see the -[FSAA: Applet Settings](/docs/accessanalyzer/11.6/admin/datacollector/fsaa/appletsettings.md) +[FSAA: Applet Settings](/docs/accessanalyzer/11.6/admin/datacollector/fsaa/appletsettings/appletsettings.md) topic for configuration instructions. ![Scan Server Selection](/images/accessanalyzer/11.6/solutions/filesystem/collection/fsaaseekserverselection.webp) @@ -96,7 +96,7 @@ for additional information. for additional information. :::note -If streaming is enabled, the **2-SEEK Bulk Import** job is no longer needed as part of the +If you enable streaming, you no longer need the **2-SEEK Bulk Import** job as part of the **0.Collection** job group. ::: @@ -122,13 +122,13 @@ topic for additional information. - Action on failure to enable LAT Preservation – Before scanning each file, FSAA attempts to enable an operating system feature to preserve the LAT when accessing the file. This operation - may fail for a variety of reasons, which include but are not limited to: the operating system - or file system where the file is located does not support LAT preservation, or insufficient + may fail for a variety of reasons, which include but aren't limited to: the operating system + or file system where the file is located doesn't support LAT preservation, or insufficient permissions from the service account trying to access the file. The following configuration addresses a failure to enable the LAT preservation mode: - Continue to scan file silently – FSAA scans the file with the possibility that LAT - preservation is not possible. No warning will be shown. + preservation isn't possible. No warning will be shown. - Continue to scan file with warning – FSAA scans the file with the possibility that LAT will not be preserved. A warning will be shown for this file. - Skip file silently – FSAA will not scan the file. No warning will be shown. @@ -172,7 +172,7 @@ for additional information: - Scope to scan only Open shares :::note -This option only works in conjunction with File System Access Auditing. +This option only works with File System Access Auditing. ::: @@ -212,7 +212,7 @@ topic for additional information. ![SDD Criteria Settings](/images/accessanalyzer/11.6/solutions/filesystem/collection/seeksddcriteriasettings.webp) -**Step 12 –** On the SDD Criteria Settings page, add or remove criteria as desired. See the +**Step 12 –** Add or remove criteria on the SDD Criteria Settings page as desired. See the [FSAA: SDD Criteria Settings](/docs/accessanalyzer/11.6/admin/datacollector/fsaa/sddcriteria.md) topic for additional information. @@ -221,7 +221,7 @@ for additional information. topic for additional information :::note -By default, discovered sensitive data strings are not stored in the Enterprise Auditor +By default, discovered sensitive data strings aren't stored in the Enterprise Auditor database. ::: diff --git a/docs/accessanalyzer/11.6/solutions/filesystem/recommended.md b/docs/accessanalyzer/11.6/solutions/filesystem/recommended.md index 43c8352aec..a6ba54d0dd 100644 --- a/docs/accessanalyzer/11.6/solutions/filesystem/recommended.md +++ b/docs/accessanalyzer/11.6/solutions/filesystem/recommended.md @@ -7,13 +7,12 @@ sidebar_position: 10 # Recommended Configuration for the File System Solution The File System Solution has been configured to inherit down from the **FileSystem** > **Settings** -node for most jobs. However, it is a best practice to assign the host list and the Connection -Profile at the data collection level. Once these are assigned to the job, it can be run manually or -scheduled. +node for most jobs. However, as a best practice, assign the host list and the Connection Profile at the data collection +level. After you assign these to the job, you can run it manually or schedule it. :::tip -Remember, the credential permissions required for the scan and host lists are affected by the scan -mode selected. See the +Remember, the scan mode you select affects the credential permissions required for the scan and +host lists. See the [File System Scan Options](/docs/accessanalyzer/11.6/requirements/filesystem/scanoptions/scanoptions.md) topic for additional information. ::: @@ -21,7 +20,7 @@ topic for additional information. **Dependencies** -- The .Active Directory Inventory Job Group needs to be executed prior to running the File System +- The .Active Directory Inventory Job Group needs to be executed before running the File System Solution - File System Proxy deployed to targeted proxy servers (for proxy scanning architecture only) - Activity Monitor deployed, configured, and services running (for Activity Auditing only) @@ -32,21 +31,21 @@ topic for additional information. **Targeted Hosts** -The host list assignment should be assigned under the **FileSystem** > **0.Collection** > +Assign the host list under the **FileSystem** > **0.Collection** > **[job]** > **Host** node. The list should be a custom created list for the file system environments -to be targeted. Check the box for the custom-created host list. It is necessary for the **…System -Scans** jobs and the corresponding **…Bulk Import** jobs to be set to the same host lists. +to be targeted. Check the box for the custom-created host list. The **…System +Scans** jobs and the corresponding **…Bulk Import** jobs must use the same host lists. The 0-FSDFS System Scans Job is an exception and is set to the Default domain controller. For -standalone namespaces, modify this host list to target the desired File Systems or Storage -Controllers. +standalone namespaces, modify this host list to target the File Systems or Storage Controllers you +want to scan. -If targeting Nasuni Edge Appliances, the 0-FS_Nasuni Job needs to be assigned a custom host list +If you target Nasuni Edge Appliances, assign the 0-FS_Nasuni Job a custom host list containing all on-premise Nasuni Edge Appliances and cloud filers. If using multiple proxy servers, these should also be configured within a different custom-created host list. Then assign the proxy servers host list on the -[FSAA: Applet Settings](/docs/accessanalyzer/11.6/admin/datacollector/fsaa/appletsettings.md) +[FSAA: Applet Settings](/docs/accessanalyzer/11.6/admin/datacollector/fsaa/appletsettings/appletsettings.md) page of the File System Access Auditor Data Collector Wizard within the following jobs in the 0.Collection Job Group according to the type of auditing being conducted: @@ -54,9 +53,9 @@ page of the File System Access Auditor Data Collector Wizard within the followin - 1-FSAC System Scans Job for Activity Auditing - 1-SEEK System Scans Job for Sensitive Data Discovery Auditing -Windows clusters have special needs when it comes to a host list and the host inventory data. It is -necessary to target the Windows File Server Cluster (name of the cluster) of interest when running a -scan against a Windows File System Cluster. Within the Enterprise Auditor Master Host Table, there +Windows clusters have special needs for the host list and host inventory data. You must target the +Windows File Server Cluster (name of the cluster) of interest when running a scan against a Windows +File System Cluster. Within the Enterprise Auditor Master Host Table, there should be a host entry for the cluster as well as for each node. Additionally, each of these host entries must have the name of the cluster in the WinCluster column in the host inventory data. This may need to be updated manually. See the @@ -74,8 +73,8 @@ targeted by the File System scans. ::: -In order for the selected scan mode to be applied accurately for the target file system, it is -necessary for host inventory to match the values in the table for OSType: +For the selected scan mode to apply accurately to the target file system, host inventory must match +the values in the table for OSType: | Devices | OSType Value | | ------- | -------------- | @@ -90,7 +89,7 @@ necessary for host inventory to match the values in the table for OSType: **Connection Profile** The FSAA Data Collector requires permissions based on the platform being targeted for data -collection as well as the scan mode selected. See the +collection and the scan mode selected. See the [File System Scan Options](/docs/accessanalyzer/11.6/requirements/filesystem/scanoptions/scanoptions.md) topic and the [File System Supported Platforms](/docs/accessanalyzer/11.6/requirements/filesystem/filesystems/filesystems.md) @@ -103,13 +102,13 @@ The Connection Profile should be assigned under the **FileSystem** > **0.Collect Properties window on the **Connection** tab. It is set to Use the Default Profile, as configured at the global settings level. However, since this may not be the Connection Profile with the necessary permissions for the assigned hosts, click the radio button for the **Select one of the following -user defined profiles** option and select the appropriate Connection Profile drop-down menu. +user defined profiles** option and select the appropriate Connection Profile dropdown menu. :::tip Remember, if targeting Nasuni Edge Appliances, the 0-FS_Nasuni Job needs to be assigned a custom Connection Profile containing the **API Access Key** and **Passcode** for each on-premise Nasuni Edge Appliance and cloud filer in the target environment. Nasuni API key names are case sensitive. -When providing them, ensure they are entered in the exact same case as generated. +When providing them, enter them in the exact same case as generated. ::: @@ -135,14 +134,14 @@ jobs to those desired. The jobs in the 0.Collection Job Group must be run in ord type. Run …System Scans jobs and then the corresponding …Bulk Import jobs according to the desired workflow. -The other File System Solution sub-job groups can be run in any order, together or individually, +The other File System Solution sub-job groups can be run together or individually in any order, after running the 0.Collection Job Group. The FileSystemOverview Job pulls information from both the 0.Collection Job Group and the other sub-job groups, and the report may contain blank sections if only select sub-job groups are run. :::info If only conducting one or two types of auditing, scope the solution by disabling -the undesired collection jobs. Disabling them allows the solution to run more efficiently. It is not +the undesired collection jobs. Disabling them allows the solution to run more efficiently. It isn't recommended to delete any jobs. See the [Disable or Enable a Job](/docs/accessanalyzer/11.6/admin/jobs/job/disableenable.md) topic for additional information. @@ -150,7 +149,7 @@ topic for additional information. :::note -If targeting Nasuni Edge Appliances, it is necessary to add the +If targeting Nasuni Edge Appliances, add the [0-FS_Nasuni Job](/docs/accessanalyzer/11.6/solutions/filesystem/collection/0-fs_nasuni.md) to the **0.Collection** Job Group. ::: @@ -217,13 +216,13 @@ customizations include: If the target host is a NAS device, the File System scans default to local mode for that host. - Proxy Mode with Applet – The File System applet is deployed to the Windows proxy server when the job is executed to conduct data collection. The data collection processing is initiated by - the proxy server where the applet is deployed and leverages a local mode-type scan to each of + the proxy server where the applet is deployed and uses a local mode-type scan to each of the target hosts. The final step in data collection is to compress and transfer the data collected in the SQLite databases, or Tier 2 databases, back to the Enterprise Auditor Console server. - Proxy Mode as a Service – The File System Proxy Service must be installed on the Windows proxy - servers prior to executing the scans. The data collection processing is conducted by the proxy - server where the service is running and leverages a local mode-type scan to each of the target + servers before executing the scans. The data collection processing is conducted by the proxy + server where the service is running and uses a local mode-type scan to each of the target hosts. The final step in data collection is to compress and transfer the data collected in the SQLite databases, or Tier 2 databases, back to the Enterprise Auditor Console server. The credential granted rights to interact with the service must be included in the assigned @@ -240,7 +239,7 @@ customizations include: - For first time execution, recommend setting to 0 - For second execution, recommend setting to 2 - - Then set to the desired depth. + - Then set to the depth you want. - Set on the following **0.Collection** Job Group jobs: @@ -260,10 +259,10 @@ customizations include: **Analysis Configuration** This solution should be run with the default analysis configuration. Most of these analysis tasks -are preconfigured and should not be modified or deselected. There are a few which are deselected by +are preconfigured and shouldn't be modified or deselected. There are a few which are deselected by default, as they are for troubleshooting purposes. -Though the analysis tasks should not be deselected, the following parameters can be modified: +Though the analysis tasks shouldn't be deselected, the following parameters can be modified: - The .Active Directory Inventory Solution defines large groups, deeply nested groups, stale users, and users with large tokens. These parameters can be customized and are applicable to any @@ -297,12 +296,12 @@ following jobs: - **5.Activity** > **Forensics** > **FS_PermissionChanges** Job - **5.Activity** > **Suspicious Activity** > **FS_HighestHourlyActivity** Job -Please see the appropriate topics for details on these tasks. +See the appropriate topics for details on these tasks. **Additional Consideration** -The Ad Hoc Audits Job Group is designed to work independent from the rest of the solution, but it is -dependent upon the 0.Collection Job Group. The jobs are scoped to specific shares and trustees +The Ad Hoc Audits Job Group works independently from the rest of the solution but depends on the +0.Collection Job Group. The jobs are scoped to specific shares and trustees within an analysis task. The jobs contained in the group use custom SQL scripts to render views on collected data. SQL views @@ -312,5 +311,5 @@ table names result in no data displayed within the reports or the AIC. :::tip Remember, it is recommended to scope the 0.Collection Job Group to only include the collection components desired by disabling the undesired collection jobs. Disabling them allows the solution to -run more efficiently. It is not recommended to delete any jobs. +run more efficiently. It isn't recommended to delete any jobs. ::: diff --git a/docs/accessanalyzer/12.0/admin/datacollector/fsaa/appletsettings/_category_.json b/docs/accessanalyzer/12.0/admin/datacollector/fsaa/appletsettings/_category_.json new file mode 100644 index 0000000000..d55e69cd3e --- /dev/null +++ b/docs/accessanalyzer/12.0/admin/datacollector/fsaa/appletsettings/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "FSAA: Applet Settings", + "position": 30, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "appletsettings" + } +} \ No newline at end of file diff --git a/docs/accessanalyzer/12.0/admin/datacollector/fsaa/appletsettings.md b/docs/accessanalyzer/12.0/admin/datacollector/fsaa/appletsettings/appletsettings.md similarity index 97% rename from docs/accessanalyzer/12.0/admin/datacollector/fsaa/appletsettings.md rename to docs/accessanalyzer/12.0/admin/datacollector/fsaa/appletsettings/appletsettings.md index 703b868398..51f6b88ffb 100644 --- a/docs/accessanalyzer/12.0/admin/datacollector/fsaa/appletsettings.md +++ b/docs/accessanalyzer/12.0/admin/datacollector/fsaa/appletsettings/appletsettings.md @@ -6,7 +6,7 @@ sidebar_position: 30 # FSAA: Applet Settings -The Applet Settings page configures how the File System Access Audit (FSAA) applet is launched and how it behaves during a scan. It is a wizard page for the categories of: +The Applet Settings page configures how the File System Access Audit (FSAA) applet launches and how it behaves during a scan. This wizard page applies to these scan categories: - File System Access/Permission Auditing Scan - File System Activity Scan @@ -129,7 +129,7 @@ In the Certificate Exchange Options section, configure the following options: - Port – Select the checkbox to specify the port number for certificate exchange. The Default port number is 8767. -- Enable SPN mapping – Provide a custom Service Principal Name (SPN) for each applet host whose automatically generated SPN isn't valid (for example, when the applet host is behind a proxy). See the [FSAA: SPN Mapping](/docs/accessanalyzer/12.0/admin/datacollector/fsaa/spnmapping.md) topic for additional information. +- Enable SPN mapping – Provide a custom Service Principal Name (SPN) for each applet host whose automatically generated SPN isn't valid (for example, when the applet host is behind a proxy). See the [FSAA: SPN Mapping](/docs/accessanalyzer/12.0/admin/datacollector/fsaa/appletsettings/spnmapping.md) topic for additional information. See the [FSAA Applet Certificate Management Overview](/docs/accessanalyzer/12.0/admin/datacollector/fsaa/certificatemanagement/certificatemanagement.md) topic for additional information. diff --git a/docs/accessanalyzer/12.0/admin/datacollector/fsaa/spnmapping.md b/docs/accessanalyzer/12.0/admin/datacollector/fsaa/appletsettings/spnmapping.md similarity index 99% rename from docs/accessanalyzer/12.0/admin/datacollector/fsaa/spnmapping.md rename to docs/accessanalyzer/12.0/admin/datacollector/fsaa/appletsettings/spnmapping.md index 31d531d54c..90e4e04e6a 100644 --- a/docs/accessanalyzer/12.0/admin/datacollector/fsaa/spnmapping.md +++ b/docs/accessanalyzer/12.0/admin/datacollector/fsaa/appletsettings/spnmapping.md @@ -1,7 +1,7 @@ --- title: "Configuring Custom SPN Mapping for Applet Hosts" description: "FSAA: SPN Mapping" -sidebar_position: 31 +sidebar_position: 20 --- # Configuring Custom SPN Mapping for Applet Hosts diff --git a/docs/accessanalyzer/12.0/admin/datacollector/fsaa/certificatemanagement/manualcertificate.md b/docs/accessanalyzer/12.0/admin/datacollector/fsaa/certificatemanagement/manualcertificate.md index c1025df094..0b5edb7cea 100644 --- a/docs/accessanalyzer/12.0/admin/datacollector/fsaa/certificatemanagement/manualcertificate.md +++ b/docs/accessanalyzer/12.0/admin/datacollector/fsaa/certificatemanagement/manualcertificate.md @@ -11,7 +11,7 @@ use the `FSAACertificateManager.exe` tool. The `FSAACertificateManager.exe` tool `StealthAUDIT\PrivateAssemblies\FILESYSTEMACCESS\Applet` directory. All commands in the tool are case-sensitive. -Follow the steps to use the tool to create and store the required certificates. +## Create and store the required certificates :::note In these steps, some commands need to be run on the Access Analyzer console and some on @@ -21,7 +21,7 @@ the Proxy host. In the provided example commands: - All files that are generated by the Certificate Manager or copied to the Access Analyzer console are placed in the `%SAInstallDir%\PrivateAssemblies\FILESYSTEMACCESS\Applet\My Certificates` - directory. This folder is created by the tool if it does not already exist. + directory. This folder is created by the tool if it doesn't already exist. - When operating on the proxy host, files are placed into the root of the **FSAA** folder :::tip @@ -29,8 +29,8 @@ Remember, all commands in the `FSAACertificateManager.exe` tool are case-sensiti ::: -**Step 1 –** Create a Certificate Authority (CA). The CA is a self signed certificate that will be -used to sign the client and server certificates. On the Access Analyzer console, run the following +**Step 1 –** Create a Certificate Authority (CA). The CA is a self-signed certificate that signs +the client and server certificates. On the Access Analyzer console, run the following command: ``` @@ -96,7 +96,7 @@ Successfully added FSAA_Client_Auth to Client following command: :::note -This conversion to a CER file is necessary so that the private key of the CA is not +This conversion to a CER file is necessary so that the private key of the CA isn't shared. ::: @@ -112,11 +112,11 @@ Successfully wrote CER certificate to .\My Certificates\MyFSAACA.cer ``` **Step 6 –** Copy `FSAACertficateManager.exe` and the CA CER file (`.\My Certificates\MyFSAACA.cer`) -to the proxy host that will be running `FSAAAppletServer.exe`. These files must be copied to the -same directory. +to the proxy host that will be running `FSAAAppletServer.exe`. Place both files in the same +directory. :::note -These copied files will be deleted from the destination directory later in Step 12. +You will delete these copied files from the destination directory later in Step 12. ::: @@ -184,13 +184,13 @@ Successfully added FSAA_Server_Auth to Server **Step 11 –** Repeat Steps 6-10 for each proxy host. -**Step 12 –** Delete all the PFX, CER, and Key files that were generated or copied in the above +**Step 12 –** Delete all the PFX, CER, and Key files that were generated or copied in the earlier steps from the output locations. All of the required FSAA certificates have been stored in the FSAA managed certificate stores. The FSAA queries need to be configured to use the **Manual** certificate exchange option. This option can be found under Applet Settings in the FSAA Data Collector Wizard. See the -[FSAA: Applet Settings](/docs/accessanalyzer/12.0/admin/datacollector/fsaa/appletsettings.md) topic for additional information. +[FSAA: Applet Settings](/docs/accessanalyzer/12.0/admin/datacollector/fsaa/appletsettings/appletsettings.md) topic for additional information. For additional information on how to use the `FSAACertificateManager.exe` tool, run the `.\FSAACertificateManager.exe -help` command. diff --git a/docs/accessanalyzer/12.0/admin/datacollector/fsaa/overview.md b/docs/accessanalyzer/12.0/admin/datacollector/fsaa/overview.md index 8114ea0b6b..18c69147e2 100644 --- a/docs/accessanalyzer/12.0/admin/datacollector/fsaa/overview.md +++ b/docs/accessanalyzer/12.0/admin/datacollector/fsaa/overview.md @@ -31,7 +31,7 @@ available with a special Access Analyzer license. See the **Sensitive Data Discovery Considerations** -If running Sensitive Data Discovery (SDD) scans, it will be necessary to increase the minimum amount +If running Sensitive Data Discovery (SDD) scans, you must increase the minimum amount of RAM. Each thread requires a minimum of 2 additional GB of RAM per host. By default, SDD scans are configured to run two concurrent threads. For example, if the job is configured to scan 8 hosts at a time with two concurrent SDD threads, then an extra 32 GB of RAM are required (8x2x2=32). @@ -42,7 +42,7 @@ The FSAA Data Collector is configured through the File System Access Auditor Dat The wizard contains the following pages, which change based up on the query category selected: - [FSAA: Query Selection](/docs/accessanalyzer/12.0/admin/datacollector/fsaa/queryselection.md) -- [FSAA: Applet Settings](/docs/accessanalyzer/12.0/admin/datacollector/fsaa/appletsettings.md) +- [FSAA: Applet Settings](/docs/accessanalyzer/12.0/admin/datacollector/fsaa/appletsettings/appletsettings.md) - [FSAA: Scan Server Selection](/docs/accessanalyzer/12.0/admin/datacollector/fsaa/scanserverselection.md) - [FSAA: Scan Settings](/docs/accessanalyzer/12.0/admin/datacollector/fsaa/scansettings.md) - [FSAA: Azure Tenant Mapping](/docs/accessanalyzer/12.0/admin/datacollector/fsaa/azuretenantmapping.md) diff --git a/docs/accessanalyzer/12.0/admin/datacollector/fsaa/updateservicesettings.md b/docs/accessanalyzer/12.0/admin/datacollector/fsaa/updateservicesettings.md index 0a0574dc54..172dd9d8a7 100644 --- a/docs/accessanalyzer/12.0/admin/datacollector/fsaa/updateservicesettings.md +++ b/docs/accessanalyzer/12.0/admin/datacollector/fsaa/updateservicesettings.md @@ -6,21 +6,20 @@ sidebar_position: 140 # FSAA: FSAA Update Service Setting -The FSAA Update Service Setting page is where the File System Proxy Service can be automatically -updated on hosts where the service has already been installed. It requires the File System Proxy -Service to be v8.0 or later prior to using this feature. It is a wizard page for the category of -Update Proxy Service. +Use the FSAA Update Service Setting page to automatically update the File System Proxy Service on +hosts where the service is already installed. This page requires the File System Proxy Service to be +v8.0 or later. This wizard page applies to the Update Proxy Service category. ![FSAA Data Collector Wizard FSAA Update Service Setting page](/images/accessanalyzer/12.0/admin/datacollector/fsaa/updateservice.webp) Configure the settings for the targeted File System Proxy Service: - Port number – The default port number is 8766 -- Applet communication timeout: [number] minute(s) – This option determines the length of time (in +- Applet communication timeout: [number] minutes – This option determines the length of time (in minutes) the Access Analyzer Console attempts to reach the proxy before giving up. Depending on the job configuration, the data collector behaves in one of three ways after the timeout value has been exceeded. -- Scan cancellation timeout: [number] minute(s) – When selected, this option will timeout the applet - if there is an attempt to pause the scan and the applet does not respond +- Scan cancellation timeout: [number] minutes – When selected, this option will timeout the applet + if there is an attempt to pause the scan and the applet doesn't respond -See the [FSAA: Applet Settings](/docs/accessanalyzer/12.0/admin/datacollector/fsaa/appletsettings.md) topic for additional information. +See the [FSAA: Applet Settings](/docs/accessanalyzer/12.0/admin/datacollector/fsaa/appletsettings/appletsettings.md) topic for additional information. diff --git a/docs/accessanalyzer/12.0/requirements/filesystem/scanoptions/proxy-mode-scans/as-a-service/proxymodeservicepermissions.md b/docs/accessanalyzer/12.0/requirements/filesystem/scanoptions/proxy-mode-scans/as-a-service/proxymodeservicepermissions.md index aacdf937e6..a3219bce7e 100644 --- a/docs/accessanalyzer/12.0/requirements/filesystem/scanoptions/proxy-mode-scans/as-a-service/proxymodeservicepermissions.md +++ b/docs/accessanalyzer/12.0/requirements/filesystem/scanoptions/proxy-mode-scans/as-a-service/proxymodeservicepermissions.md @@ -8,10 +8,10 @@ sidebar_position: 10 When File System scans are run in proxy mode as a service, there are two methods available for deploying the service: -* Pre-Installed File System Proxy Service – File System Proxy Service installation package must be installed on the Windows proxy servers prior to executing the scans. This is the recommended method. +* Pre-Installed File System Proxy Service – File System Proxy Service installation package must be installed on the Windows proxy servers before executing the scans. This is the recommended method. * Ad Hoc File System Proxy Service Deployment – File System Proxy Service is installed on the Windows proxy server when the job is executed -The data collection processing is conducted by the proxy server where the service is running and leverages a local mode-type scan to each of the target hosts. The final step in data collection is to compress and transfer the data collected in the SQLite databases, or Tier 2 databases, back to the Access Analyzer Console server. +The proxy server where the service runs conducts data collection processing and uses a local mode-type scan to each of the target hosts. The final step in data collection is to compress and transfer the data collected in the SQLite databases, or Tier 2 databases, back to the Access Analyzer Console server. **File System Proxy Service Credentials** @@ -26,20 +26,20 @@ Additionally, the credential must have `WRITE` access to the `…\StealthAUDIT\F **Sensitive Data Discovery Auditing Consideration** -Sensitive Data Discovery Auditing scans require .NET Framework 4.7.2 or later. If running Sensitive Data Discovery (SDD) scans, it will be necessary to increase the minimum amount of RAM. Each thread requires a minimum of 2 additional GB of RAM per host.. By default, SDD scans are configured to run two concurrent threads. For example, if the job is configured to scan 8 hosts at a time with two concurrent SDD threads, then an extra 32 GB of RAM are required (8x2x2=32). +Sensitive Data Discovery Auditing scans require .NET Framework 4.7.2 or later. If running Sensitive Data Discovery (SDD) scans, you must increase the minimum amount of RAM. Each thread requires a minimum of 2 additional GB of RAM per host. By default, SDD scans are configured to run two concurrent threads. For example, if the job is configured to scan 8 hosts at a time with two concurrent SDD threads, then an extra 32 GB of RAM are required (8x2x2=32). **Secure Proxy Communication Considerations** For secure proxy communication via https, a credential is supplied during installation to provide secure communications between the Access Analyzer server and the proxy server. This credential must -be a domain account, but no additional permissions are required. It is recommended to use the same -domain account configured to run the proxy service as a credential in the Connection Profile to be -used by the File System Solution +be a domain account, but no additional permissions are required. Use the same domain account +configured to run the proxy service as the credential in the Connection Profile that the File +System Solution uses. **Secure Proxy Communication and Certificate Exchange** For Proxy Mode as a Service Scans, the certificate exchange mechanism and certificate exchange port -must be configured via the File System Access Auditing Data Collector Wizard prior to executing a +must be configured via the File System Access Auditing Data Collector Wizard before executing a scan. See the [FSAA Applet Certificate Management Overview](/docs/accessanalyzer/12.0/admin/datacollector/fsaa/certificatemanagement/certificatemanagement.md) topic for additional information. @@ -53,9 +53,9 @@ rule information. - Console ↔ Proxy: **NAA** **Computer Account (Kerberos)** - Target Access (Proxy ↔ Targets): Connection Profile Account :::note -If the service is deployed by the File System Scan job (as opposed to manually installed), the account used by the connection profile will be used to run the FSAA Proxy Service unless **Run service as Local System** is checked on the Applet Settings page of the job query. Alternatively, a credential added to the connection profile using either **Task (Local)** or **Task (Domain)** can be used to run the service. +If the service is deployed by the File System Scan job (as opposed to manually installed), the account used by the connection profile will be used to run the FSAA Proxy Service unless **Run service as Local System** is checked on the Applet Settings page of the job query. Alternatively, you can add a credential to the connection profile using either **Task (Local)** or **Task (Domain)** to run the service. -If the target host resides in a different domain than the proxy server and there is no trust relationship between the two domains, a task credential for the proxy domain is required to be stacked with the credential for scanning the target file system. +If the target host resides in a different domain than the proxy server and there is no trust relationship between the two domains, you must stack a task credential for the proxy domain with the credential for scanning the target file system. For example: **Scanning Configuration:** NAA Console [Domain A] → Proxy Server [Domain A] → File Server [Domain B] @@ -64,16 +64,16 @@ For example: - Task (Domain) | Domain A\Credentials ::: -## How do I determine if I’m using Proxy Mode with Service scanning? +## Verify Proxy Mode with Service scanning -The best way to verify if you’re using Proxy Mode with Service scanning is via the FSAA Data Collector Query Settings:: +To verify Proxy Mode with Service scanning, check the FSAA Data Collector Query Settings: ### Pre-Install File System Proxy Service -1. [Applet Settings](https://docs.netwrix.com/docs/accessanalyzer/12_0/admin/datacollector/fsaa/appletsettings) > Applet Launch Mechanism: Require applet to be running as a service on target +1. [Applet Settings](https://docs.netwrix.com/docs/accessanalyzer/12_0/admin/datacollector/fsaa/appletsettings/appletsettings) > Applet Launch Mechanism: Require applet to be running as a service on target 2. [Scan Server Selection](https://docs.netwrix.com/docs/accessanalyzer/12_0/admin/datacollector/fsaa/scanserverselection) > “Specific Remote Server: “ **OR** “Specific Remote Servers by Host List” **_OR_** ### Deploy Service on Scan -1. [Applet Settings](https://docs.netwrix.com/docs/accessanalyzer/12_0/admin/datacollector/fsaa/appletsettings) > Applet Launch Mechanism: Windows Service +1. [Applet Settings](https://docs.netwrix.com/docs/accessanalyzer/12_0/admin/datacollector/fsaa/appletsettings/appletsettings) > Applet Launch Mechanism: Windows Service 2. [Scan Server Selection](https://docs.netwrix.com/docs/accessanalyzer/12_0/admin/datacollector/fsaa/scanserverselection) > “Specific Remote Server: “ **OR** “Specific Remote Servers by Host List” \ No newline at end of file diff --git a/docs/accessanalyzer/12.0/requirements/filesystem/scanoptions/proxy-mode-scans/with-applet/proxymodeappletpermissions.md b/docs/accessanalyzer/12.0/requirements/filesystem/scanoptions/proxy-mode-scans/with-applet/proxymodeappletpermissions.md index d830390d13..ab5c4aaa49 100644 --- a/docs/accessanalyzer/12.0/requirements/filesystem/scanoptions/proxy-mode-scans/with-applet/proxymodeappletpermissions.md +++ b/docs/accessanalyzer/12.0/requirements/filesystem/scanoptions/proxy-mode-scans/with-applet/proxymodeappletpermissions.md @@ -6,9 +6,9 @@ sidebar_position: 10 # Proxy Mode with Applet Permissions -When File System scans are run in proxy mode with applet, it means the File System applet is deployed to the Windows proxy server when the job is executed to conduct data collection. The data collection processing is initiated by the proxy server where the applet is deployed and leverages a local mode-type scan to each of the target hosts. The final step in data collection is to compress and transfer the data collected in the SQLite databases, or Tier 2 databases, back to the Access Analyzer Console server. +When File System scans are run in proxy mode with applet, it means the File System applet is deployed to the Windows proxy server when the job is executed to conduct data collection. The proxy server where the applet is deployed initiates data collection processing and uses a local mode-type scan to each of the target hosts. The final step in data collection is to compress and transfer the data collected in the SQLite databases, or Tier 2 databases, back to the Access Analyzer Console server. -Configure the credential(s) with the following rights on the proxy server(s): +Configure the credentials with the following rights on the proxy servers: - Group membership in the local Administrators group - Granted the Backup files and directories local policy privilege @@ -24,8 +24,8 @@ the applet. :::warning -The local policy, “Network access: Do not allow storage of passwords and credentials -for network authentication” must be disabled in order for the applet to start. +The local policy, “Network access: Don't allow storage of passwords and credentials +for network authentication” must be disabled for the applet to start. ::: @@ -40,7 +40,7 @@ information. **Secure Proxy Communication Considerations** For Proxy Mode with Applet scans, the certificate exchange mechanism and certificate exchange port -must be configured via the File System Access Auditing Data Collector Wizard prior to executing a +must be configured via the File System Access Auditing Data Collector Wizard before executing a scan. See the [FSAA Applet Certificate Management Overview](/docs/accessanalyzer/12.0/admin/datacollector/fsaa/certificatemanagement/certificatemanagement.md) topic for additional information. @@ -56,8 +56,8 @@ By default, the Applet will run as the connection profile account unless an addi The account used in the connection profile associated with the File System scan jobs, should have the appropriate permissions required to access the target host. See the [File System Supported Platforms](https://docs.netwrix.com/docs/accessanalyzer/12_0/requirements/filesystem/filesystems/) page for specific requirements per target file system. -## **How do I determine if I’m using Proxy Mode with Applet scanning?** +## Verify Proxy Mode with Applet scanning -The best way to verify if you’re using Proxy Mode with Applet scanning is via the FSAA Data Collector Query Settings below: -1. [Applet Settings](https://docs.netwrix.com/docs/accessanalyzer/12_0/admin/datacollector/fsaa/appletsettings) > Applet Launch Mechanism: MSTask Task Scheduler -2. [Scan Server Selection](https://docs.netwrix.com/docs/accessanalyzer/12_0/admin/datacollector/fsaa/scanserverselection) > “Specific Remote Server: “ **OR** “Specific Remote Servers by Host List” \ No newline at end of file +To verify Proxy Mode with Applet scanning, check the following FSAA Data Collector Query Settings: +1. [Applet Settings](https://docs.netwrix.com/docs/accessanalyzer/12_0/admin/datacollector/fsaa/appletsettings/appletsettings) > Applet Launch Mechanism: MSTask Task Scheduler +2. [Scan Server Selection](https://docs.netwrix.com/docs/accessanalyzer/12_0/admin/datacollector/fsaa/scanserverselection) > “Specific Remote Server: “ **OR** “Specific Remote Servers by Host List” diff --git a/docs/accessanalyzer/12.0/solutions/filesystem/collection/1-fsaa_system_scans.md b/docs/accessanalyzer/12.0/solutions/filesystem/collection/1-fsaa_system_scans.md index b6c1917c3c..5958e04320 100644 --- a/docs/accessanalyzer/12.0/solutions/filesystem/collection/1-fsaa_system_scans.md +++ b/docs/accessanalyzer/12.0/solutions/filesystem/collection/1-fsaa_system_scans.md @@ -6,8 +6,7 @@ sidebar_position: 40 # 1-FSAA System Scans Job -The 1-FSAA System Scans job is designed to collect access information from the targeted file -servers. +The 1-FSAA System Scans job collects access information from the targeted file servers. ## Query for the 1-FSAA System Scans Job @@ -30,7 +29,7 @@ The following default configurations are commonly customized: - Default Scoping Options page > Scan Settings tab: - - Set to **Limit subfolder scan depth to 2 level(s)** + - Set to **Limit subfolder scan depth to 2 levels** See the [Recommended Configuration for the File System Solution](/docs/accessanalyzer/12.0/solutions/filesystem/recommended.md) topic for a complete list of customizable settings. See the @@ -40,8 +39,8 @@ additional information. ### Configure the (FSAA) File System Scan Query The 1-FSAA System Scans job has been preconfigured to run with the default settings with the -category of File system access/permission auditing Scan. Follow the steps to set any desired -customizations. +category of File system access/permission auditing Scan. To customize the configuration, complete +the following steps. **Step 1 –** Navigate to the **FileSystem** > **0.Collection** > **1-FSAA System Scans** > **Configure** node and select the **Queries** node. @@ -53,7 +52,7 @@ opens. Data Collector Wizard opens. :::warning -Do not make changes to other wizard pages as they have been pre-configured for the +Don't make changes to other wizard pages as they have been pre-configured for the purpose of this job. ::: @@ -61,7 +60,7 @@ purpose of this job. ![Applet Settings](/images/accessanalyzer/12.0/solutions/filesystem/collection/fsaaseekappletsettings.webp) **Step 4 –** The Applet Settings page applies to the applet and proxy mode scans. If employing proxy -servers, see the [FSAA: Applet Settings](/docs/accessanalyzer/12.0/admin/datacollector/fsaa/appletsettings.md) topic +servers, see the [FSAA: Applet Settings](/docs/accessanalyzer/12.0/admin/datacollector/fsaa/appletsettings/appletsettings.md) topic for configuration instructions. ![Scan Server Selection](/images/accessanalyzer/12.0/solutions/filesystem/collection/fsaaseekserverselection.webp) @@ -77,7 +76,7 @@ for additional information. information. :::note -If streaming is enabled, the **2-FSAA Bulk Import** job is no longer needed as part of the +If you enable streaming, you no longer need the **2-FSAA Bulk Import** job as part of the **0.Collection** job group. ::: @@ -102,13 +101,13 @@ additional information. - Action on failure to enable LAT Preservation – Before scanning each file, FSAA attempts to enable an operating system feature to preserve the LAT when accessing the file. This operation - may fail for a variety of reasons, which include but are not limited to: the operating system - or file system where the file is located does not support LAT preservation, or insufficient + may fail for a variety of reasons, which include but aren't limited to: the operating system + or file system where the file is located doesn't support LAT preservation, or insufficient permissions from the service account trying to access the file. The following configuration addresses a failure to enable the LAT preservation mode: - Continue to scan file silently – FSAA scans the file with the possibility that LAT - preservation is not possible. No warning will be shown. + preservation isn't possible. No warning will be shown. - Continue to scan file with warning – FSAA scans the file with the possibility that LAT will not be preserved. A warning will be shown for this file. - Skip file silently – FSAA will not scan the file. No warning will be shown. @@ -143,8 +142,8 @@ scans. See the [File Details Tab](/docs/accessanalyzer/12.0/admin/datacollector/fsaa/defaultscopingoptions/filedetails.md) :::info -Carefully consider configuring the following settings. Applying filters when file -detail scanning has been enabled reduces the impact on the database. +Carefully consider configuring the following settings. Applying filters after you enable +file detail scanning reduces the impact on the database. ::: @@ -191,7 +190,7 @@ View the analysis task by navigating to the **FileSystem** > **0.Collection** > Scans** > **Configure** node and selecting **Analysis**. :::warning -Do not modify or deselect the selected analysis task. The analysis task is +Don't modify or deselect the selected analysis task. The analysis task is preconfigured for this job. ::: diff --git a/docs/accessanalyzer/12.0/solutions/filesystem/collection/1-fsac_system_scans.md b/docs/accessanalyzer/12.0/solutions/filesystem/collection/1-fsac_system_scans.md index 63346f036c..83228dd96c 100644 --- a/docs/accessanalyzer/12.0/solutions/filesystem/collection/1-fsac_system_scans.md +++ b/docs/accessanalyzer/12.0/solutions/filesystem/collection/1-fsac_system_scans.md @@ -6,7 +6,7 @@ sidebar_position: 50 # 1-FSAC System Scans Job -The 1-FSAC System Scans job is designed to collect activity events from the targeted file servers. +The 1-FSAC System Scans job collects activity events from the targeted file servers. ## Query for the 1-FSAC System Scans Job @@ -35,7 +35,8 @@ complete list of customizable settings. See the ### Configure the Activity Scan Query The 1-FSAC System Scans job has been preconfigured to run with the default settings with the -category of File system activity Scan. Follow the steps to set any desired customizations. +category of File system activity Scan. To customize the configuration, complete the following +steps. **Step 1 –** Navigate to the **FileSystem** > **0.Collection** > **1-FSAC System Scans** > **Configure** node and select the **Queries** node. @@ -47,7 +48,7 @@ opens. Data Collector Wizard opens. :::warning -Do not make changes to other wizard pages as they have been pre-configured for the +Don't make changes to other wizard pages as they have been pre-configured for the purpose of this job. ::: @@ -56,7 +57,7 @@ purpose of this job. **Step 4 –** The Applet Settings page applies to the applet and proxy mode scans which are selected on the Scan Server Level Page. If employing proxy servers, see the -[FSAA: Applet Settings](/docs/accessanalyzer/12.0/admin/datacollector/fsaa/appletsettings.md) topic for configuration +[FSAA: Applet Settings](/docs/accessanalyzer/12.0/admin/datacollector/fsaa/appletsettings/appletsettings.md) topic for configuration instructions. ![Scan Server Selection](/images/accessanalyzer/12.0/solutions/filesystem/collection/fsacscanserverselection.webp) diff --git a/docs/accessanalyzer/12.0/solutions/filesystem/collection/1-seek_system_scans.md b/docs/accessanalyzer/12.0/solutions/filesystem/collection/1-seek_system_scans.md index 2ff34a7440..775d9004f1 100644 --- a/docs/accessanalyzer/12.0/solutions/filesystem/collection/1-seek_system_scans.md +++ b/docs/accessanalyzer/12.0/solutions/filesystem/collection/1-seek_system_scans.md @@ -6,7 +6,7 @@ sidebar_position: 60 # 1-SEEK System Scans Job -The 1-SEEK System Scans job is designed to collect sensitive data from the targeted file servers. +The 1-SEEK System Scans job collects sensitive data from the targeted file servers. ## Query for the 1-SEEK System Scans Job @@ -25,7 +25,7 @@ The following default configurations are commonly customized: - Default Scoping Options page > Scan Settings tab: - - Set to **Limit subfolder scan depth to 2 level(s)** + - Set to **Limit subfolder scan depth to 2 levels** - Set to **Exclude system shares** - Scoping Options @@ -56,7 +56,7 @@ instructions. ### Configure the (SEEK) File System Scan Query The 1-SEEK System Scans job has been preconfigured to run with the default settings with the -category of Sensitive data Scan. Follow these steps to set any desired customizations. +category of Sensitive data Scan. To customize the configuration, complete the following steps. **Step 1 –** Navigate to the **FileSystem** > **0.Collection** > **1-SEEK System Scans** > **Configure** node and select the **Queries** node. @@ -68,7 +68,7 @@ opens. Data Collector Wizard opens. :::warning -Do not make changes to other wizard pages as they have been pre-configured for the +Don't make changes to other wizard pages as they have been pre-configured for the purpose of this job. ::: @@ -77,7 +77,7 @@ purpose of this job. **Step 4 –** The Applet Settings page applies to the applet and proxy mode scans which are selected on the Scan Server Level page. If employing proxy servers, see the -[FSAA: Applet Settings](/docs/accessanalyzer/12.0/admin/datacollector/fsaa/appletsettings.md) topic for configuration +[FSAA: Applet Settings](/docs/accessanalyzer/12.0/admin/datacollector/fsaa/appletsettings/appletsettings.md) topic for configuration instructions. ![Scan Server Selection](/images/accessanalyzer/12.0/solutions/filesystem/collection/fsaaseekserverselection.webp) @@ -95,7 +95,7 @@ additional information. information. :::note -If streaming is enabled, the **2-SEEK Bulk Import** job is no longer needed as part of the +If you enable streaming, you no longer need the **2-SEEK Bulk Import** job as part of the **0.Collection** job group. ::: @@ -121,13 +121,13 @@ additional information. - Action on failure to enable LAT Preservation – Before scanning each file, FSAA attempts to enable an operating system feature to preserve the LAT when accessing the file. This operation - may fail for a variety of reasons, which include but are not limited to: the operating system - or file system where the file is located does not support LAT preservation, or insufficient + may fail for a variety of reasons, which include but aren't limited to: the operating system + or file system where the file is located doesn't support LAT preservation, or insufficient permissions from the service account trying to access the file. The following configuration addresses a failure to enable the LAT preservation mode: - Continue to scan file silently – FSAA scans the file with the possibility that LAT - preservation is not possible. No warning will be shown. + preservation isn't possible. No warning will be shown. - Continue to scan file with warning – FSAA scans the file with the possibility that LAT will not be preserved. A warning will be shown for this file. - Skip file silently – FSAA will not scan the file. No warning will be shown. @@ -170,7 +170,7 @@ information: - Scope to scan only Open shares :::note -This option only works in conjunction with File System Access Auditing. +This option only works with File System Access Auditing. ::: @@ -208,7 +208,7 @@ topic for additional information. ![SDD Criteria Settings](/images/accessanalyzer/12.0/solutions/filesystem/collection/seeksddcriteriasettings.webp) -**Step 12 –** On the SDD Criteria Settings page, add or remove criteria as desired. See the +**Step 12 –** Add or remove criteria on the SDD Criteria Settings page as desired. See the [FSAA: SDD Criteria Settings](/docs/accessanalyzer/12.0/admin/datacollector/fsaa/sddcriteria.md) topic for additional information. @@ -217,7 +217,7 @@ information. for additional information :::note -By default, discovered sensitive data strings are not stored in the Access Analyzer +By default, discovered sensitive data strings aren't stored in the Access Analyzer database. ::: diff --git a/docs/accessanalyzer/12.0/solutions/filesystem/recommended.md b/docs/accessanalyzer/12.0/solutions/filesystem/recommended.md index a12d880ab9..3796f53776 100644 --- a/docs/accessanalyzer/12.0/solutions/filesystem/recommended.md +++ b/docs/accessanalyzer/12.0/solutions/filesystem/recommended.md @@ -7,13 +7,12 @@ sidebar_position: 10 # Recommended Configuration for the File System Solution The File System Solution has been configured to inherit down from the **FileSystem** > **Settings** -node for most jobs. However, it is a best practice to assign the host list and the Connection -Profile at the data collection level. Once these are assigned to the job, it can be run manually or -scheduled. +node for most jobs. However, as a best practice, assign the host list and the Connection Profile at the data collection +level. After you assign these to the job, you can run it manually or schedule it. :::tip -Remember, the credential permissions required for the scan and host lists are affected by the scan -mode selected. See the +Remember, the scan mode you select affects the credential permissions required for the scan and +host lists. See the [File System Scan Options](/docs/accessanalyzer/12.0/requirements/filesystem/scanoptions/scanoptions.md) topic for additional information. ::: @@ -21,30 +20,30 @@ additional information. **Dependencies** -- The .Active Directory Inventory job froup needs to be executed prior to running the File System +- The .Active Directory Inventory job group needs to be executed before running the File System solution -- The .Entra ID Inventory job group needs to be executed prior to running the File System solution +- The .Entra ID Inventory job group needs to be executed before running the File System solution (for targeting Azure Files only) - File System Proxy deployed to targeted proxy servers (for proxy scanning architecture only) - Activity Monitor deployed, configured, and services running (for Activity Auditing only) **Targeted Hosts** -The host list assignment should be assigned under the **FileSystem** > **0.Collection** > +Assign the host list under the **FileSystem** > **0.Collection** > **[job]** > **Host** node. The list should be a custom created list for the file system environments -to be targeted. Check the box for the custom-created host list. It is necessary for the **…System -Scans** jobs and the corresponding **…Bulk Import** jobs to be set to the same host lists. +to be targeted. Check the box for the custom-created host list. The **…System +Scans** jobs and the corresponding **…Bulk Import** jobs must use the same host lists. The 0-FSDFS System Scans Job is an exception and is set to the Default domain controller. For -standalone namespaces, modify this host list to target the desired File Systems or Storage -Controllers. +standalone namespaces, modify this host list to target the File Systems or Storage Controllers you +want to scan. -If targeting Nasuni Edge Appliances, the 0-FS_Nasuni Job needs to be assigned a custom host list +If you target Nasuni Edge Appliances, assign the 0-FS_Nasuni Job a custom host list containing all on-premise Nasuni Edge Appliances and cloud filers. If using multiple proxy servers, these should also be configured within a different custom-created host list. Then assign the proxy servers host list on the -[FSAA: Applet Settings](/docs/accessanalyzer/12.0/admin/datacollector/fsaa/appletsettings.md) page of the File System +[FSAA: Applet Settings](/docs/accessanalyzer/12.0/admin/datacollector/fsaa/appletsettings/appletsettings.md) page of the File System Access Auditor Data Collector Wizard within the following jobs in the 0.Collection Job Group according to the type of auditing being conducted: @@ -52,9 +51,9 @@ according to the type of auditing being conducted: - 1-FSAC System Scans Job for Activity Auditing - 1-SEEK System Scans Job for Sensitive Data Discovery Auditing -Windows clusters have special needs when it comes to a host list and the host inventory data. It is -necessary to target the Windows File Server Cluster (name of the cluster) of interest when running a -scan against a Windows File System Cluster. Within the Access Analyzer Master Host Table, there +Windows clusters have special needs for the host list and host inventory data. You must target the +Windows File Server Cluster (name of the cluster) of interest when running a scan against a Windows +File System Cluster. Within the Access Analyzer Master Host Table, there should be a host entry for the cluster as well as for each node. Additionally, each of these host entries must have the name of the cluster in the WinCluster column in the host inventory data. This may need to be updated manually. See the [Host Inventory](/docs/accessanalyzer/12.0/admin/settings/hostinventory.md) @@ -71,8 +70,8 @@ targeted by the File System scans. ::: -In order for the selected scan mode to be applied accurately for the target file system, it is -necessary for host inventory to match the values in the table for OSType: +For the selected scan mode to apply accurately to the target file system, host inventory must match +the values in the table for OSType: | Devices | OSType Value | | ------- | -------------- | @@ -87,7 +86,7 @@ necessary for host inventory to match the values in the table for OSType: **Connection Profile** The FSAA Data Collector requires permissions based on the platform being targeted for data -collection as well as the scan mode selected. See the +collection and the scan mode selected. See the [File System Scan Options](/docs/accessanalyzer/12.0/requirements/filesystem/scanoptions/scanoptions.md) topic and the [File System Supported Platforms](/docs/accessanalyzer/12.0/requirements/filesystem/filesystems/filesystems.md) topic for necessary permissions for the supported target platforms. See the @@ -99,13 +98,13 @@ The Connection Profile should be assigned under the **FileSystem** > **0.Collect Properties window on the **Connection** tab. It is set to Use the Default Profile, as configured at the global settings level. However, since this may not be the Connection Profile with the necessary permissions for the assigned hosts, click the radio button for the **Select one of the following -user defined profiles** option and select the appropriate Connection Profile drop-down menu. +user defined profiles** option and select the appropriate Connection Profile dropdown menu. :::tip Remember, if targeting Nasuni Edge Appliances, the 0-FS_Nasuni Job needs to be assigned a custom Connection Profile containing the **API Access Key** and **Passcode** for each on-premise Nasuni Edge Appliance and cloud filer in the target environment. Nasuni API key names are case sensitive. -When providing them, ensure they are entered in the exact same case as generated. +When providing them, enter them in the exact same case as generated. ::: @@ -129,21 +128,21 @@ jobs to those desired. The jobs in the 0.Collection Job Group must be run in ord type. Run …System Scans jobs and then the corresponding …Bulk Import jobs according to the desired workflow. -The other File System Solution sub-job groups can be run in any order, together or individually, +The other File System Solution sub-job groups can be run together or individually in any order, after running the 0.Collection Job Group. The FileSystemOverview Job pulls information from both the 0.Collection Job Group and the other sub-job groups, and the report may contain blank sections if only select sub-job groups are run. :::info If only conducting one or two types of auditing, scope the solution by disabling -the undesired collection jobs. Disabling them allows the solution to run more efficiently. It is not +the undesired collection jobs. Disabling them allows the solution to run more efficiently. It isn't recommended to delete any jobs. See the [Disable or Enable a Job](/docs/accessanalyzer/12.0/admin/jobs/job/disableenable.md) topic for additional information. ::: :::note -If targeting Nasuni Edge Appliances, it is necessary to add the +If targeting Nasuni Edge Appliances, add the [0-FS_Nasuni Job](/docs/accessanalyzer/12.0/solutions/filesystem/collection/0-fs_nasuni.md) to the **0.Collection** Job Group. ::: @@ -207,13 +206,13 @@ customizations include: the target host is a NAS device, the File System scans default to local mode for that host. - Proxy Mode with Applet – The File System applet is deployed to the Windows proxy server when the job is executed to conduct data collection. The data collection processing is initiated by - the proxy server where the applet is deployed and leverages a local mode-type scan to each of + the proxy server where the applet is deployed and uses a local mode-type scan to each of the target hosts. The final step in data collection is to compress and transfer the data collected in the SQLite databases, or Tier 2 databases, back to the Access Analyzer Console server. - Proxy Mode as a Service – The File System Proxy Service must be installed on the Windows proxy - servers prior to executing the scans. The data collection processing is conducted by the proxy - server where the service is running and leverages a local mode-type scan to each of the target + servers before executing the scans. The data collection processing is conducted by the proxy + server where the service is running and uses a local mode-type scan to each of the target hosts. The final step in data collection is to compress and transfer the data collected in the SQLite databases, or Tier 2 databases, back to the Access Analyzer Console server. The credential granted rights to interact with the service must be included in the assigned @@ -230,7 +229,7 @@ customizations include: - For first time execution, recommend setting to 0 - For second execution, recommend setting to 2 - - Then set to the desired depth. + - Then set to the depth you want. - Set on the following **0.Collection** Job Group jobs: @@ -250,10 +249,10 @@ customizations include: **Analysis Configuration** This solution should be run with the default analysis configuration. Most of these analysis tasks -are preconfigured and should not be modified or deselected. There are a few which are deselected by +are preconfigured and shouldn't be modified or deselected. There are a few which are deselected by default, as they are for troubleshooting purposes. -Though the analysis tasks should not be deselected, the following parameters can be modified: +Though the analysis tasks shouldn't be deselected, the following parameters can be modified: - The .Active Directory Inventory Solution defines large groups, deeply nested groups, stale users, and users with large tokens. These parameters can be customized and are applicable to any @@ -287,12 +286,12 @@ following jobs: - **5.Activity** > **Forensics** > **FS_PermissionChanges** Job - **5.Activity** > **Suspicious Activity** > **FS_HighestHourlyActivity** Job -Please see the appropriate topics for details on these tasks. +See the appropriate topics for details on these tasks. **Additional Consideration** -The Ad Hoc Audits Job Group is designed to work independent from the rest of the solution, but it is -dependent upon the 0.Collection Job Group. The jobs are scoped to specific shares and trustees +The Ad Hoc Audits Job Group works independently from the rest of the solution but depends on the +0.Collection Job Group. The jobs are scoped to specific shares and trustees within an analysis task. The jobs contained in the group use custom SQL scripts to render views on collected data. SQL views @@ -302,5 +301,5 @@ table names result in no data displayed within the reports or the AIC. :::tip Remember, it is recommended to scope the 0.Collection Job Group to only include the collection components desired by disabling the undesired collection jobs. Disabling them allows the solution to -run more efficiently. It is not recommended to delete any jobs. +run more efficiently. It isn't recommended to delete any jobs. :::