Enable Group-based Selective Scanning (Beta)

Learn how to enable group-based selective scanning.
Group-based visibility requires Azure Active Directory integration, which has many benefits, including group-based selective scanning: the ability to include or exclude specific AD groups from scans. Sometimes you might want to monitor the assets and accounts of specific groups of users and not others. If your cloud app supports selective scanning, Data Security enables you to select which directory groups to include or exclude from both forward scan and backward scan.
Selective scanning is an advanced feature. Before you enable selective scanning, contact SaaS Security Technical Support to have your use case reviewed by an experienced Support Engineer.
Selective scanning is supported by specific cloud apps. By default, selective scanning is not enabled, and it’s important that you decide if you want to enable selective scanning before you connect a cloud app to Data Security. Otherwise, you must delete the cloud app instance, then reconnect the cloud app to Data Security to rediscover all assets and events for all users: all assets and events previously stored will be deleted and incidents reported for users no longer included in the selected groups are automatically closed.
Before you enable selective scanning, learn about selective scanning behaviors.

Selective Scanning Behaviors

As you maintain selective scanning and groups in active directory services, consider how Data Security updates your scan results, user activities, and incidents.
| Group/User Change | Data Security ... |
| --- | --- |
| Remove a user from a group in directory services | Removes assets or user activities. Closes any related incidents. Takes up to 7 days. |
| Remove a group from Selective Scanning | Removes assets or user activities. Closes any related incidents. Takes up to 7 days. |
| Add a user to a group in directory services | Records new user activities. |
| Add a group to Selective Scanning | Records new user activities. |

Enable Selective Scanning During Onboarding

Enable group-based selective scanning when you onboard the cloud app.
  1. Log in to SaaS Security.
  2. Connect your cloud app to Data Security.
  3. Select Enable selective scanning.
  4. You can choose to either Scan or Exclude From Scan your user groups.
  5. Choose your groups from the Available Groups list and move them to the Selected Groups list.
  6. Select Save to continue.
    You can perform steps 4 to 7 any number of times and make any changes as long as you have not started scanning your app. However, if you have started scanning, you cannot change the status of selective scanning for your app. For example, in the following screenshot, the instance Box 26 has started scanning and thus all operations related to selective scanning are disabled.
