Begin Scanning a Confluence App

Before you can begin scanning a Confluence app, you must configure the application links required for authentication and communication between the Aperture Service and your Confluence account. As you prepare the Confluence account, take note of the following values, as they are required to complete the setup of the Confluence app within Aperture:
Item
Description
Application URL
The Confluence URL entered in ApertureConfluence Custom Configuration.
Consumer Key
Any descriptive name you assign in Confluence for the server’s consumer key.
Public Key
The application's public key. This field is mandatory and its contents must match the public key supplied by the Aperture service.
  1. Prepare your Confluence account to work with the Aperture service.
    1. From the Aperture Dashboard, Add a Cloud App.
    2. Select Confluence.
      confluence-tile-frame.png
    3. Click here to prepare your Confluence Account.
    4. Log in to your Atlassian console with Administrator privileges (for example, https://acmecorp.atlassian.net/).
    5. Configure the Application links.
      1. Click confluence-setting-icon.png Configure Application Application Links.
      2. Enter https://aperture.paloaltonetworks.com, and then Create New Link.
      3. Click Continue on any error messages.
        Note the Application URL located at the top of the window. You will need this URL later in this procedure.
      4. Enter Aperture in Application Name and Confluence in Application Type.
      5. Select Create Incoming Link to link Confluence to the Application URL.
      6. Click Continue to save your changes.
      7. Enter any value for Consumer Key and Consumer Name.
      Take note of the Consumer Key.
    6. Copy the Public Key from Prepare Your Confluence Account in Aperture and paste it into Confluence, Link Applications, and then Continue.
    7. Edit the Application Link in Connections to set the Incoming option to Oauth and Save your setting.
    8. Close the setup window in Aperture.
  2. Add the Confluence app.
    1. Log in to your Atlassian console with Administrator privileges (for example, https://acmecorp.atlassian.net/).
    2. From the Aperture dashboard, Add a Cloud App.
    3. Select Confluence.
    4. Connect to Confluence Account.
    5. In Confluence Custom Configuration enter the Application URL and Consumer Key that you recorded earlier in this procedure.
    6. Click OK.
    7. Allow Aperture access to your Confluence account.
      Upon successful authentication using an account with the appropriate privileges, the new Confluence app is added to the list of Cloud Apps as Confluence n, where n is the number of Confluence app instances you have connected to the Aperture service. For example, if this is the second Confluence app you have added to the Aperture service, the name displays as Confluence 2.
  3. Give a descriptive name to this app instance.
    1. Select the Confluence instance on the Cloud Apps list.
    2. (Optional) Enter a descriptive Name to differentiate this instance of Confluence from other instances you are securing.
    3. Click Done to save your changes.
  4. Define global scan settings.
  5. Add policy rules.
    When you add a new cloud app, the Aperture service automatically scans the app against the default data patterns and displays the match occurrences. As a best practice, consider the business use of your app to determine whether you want to Add a New Policy Rule for Content to look for risks unique to the new app.
  6. (Optional) Configure or edit a data pattern.
    When you add a new cloud app, the Aperture service automatically scans the app against the default data patterns and displays the match occurrences. You can Configure Data Patterns to identify specific strings of text, characters, words, or patterns to make it possible to find all instances of text that match a data pattern you specify.
  7. Start scanning the new app for risks.
    1. Select SettingsCloud Apps & Scan Settings.
    2. In the Cloud Apps row that corresponds to the new Confluence app you just added, select ActionsStart Scanning.
      The status changes to Scanning. The Aperture service starts scanning assets in the associated Confluence app and begins identifying incidents.
      Depending on the number of Confluence users and assets, it may take some time for the Aperture service to complete the process of discovering all assets and users. However, as soon as you begin to see this information populating in the Aperture web interface, you can begin to Assess Incidents.
  8. Monitor the results of the scan.
    As the Aperture service starts scanning files and matching them against enabled policy rules, Monitor Scan Results on the Dashboard to verify that your policy rules are effective.
    Monitoring the progress of the scan during the discovery phase allows you to Fine-Tune Policy to modify the match criteria and ensure better results.

Related Documentation