: Enable Group-based Selective Scanning
Focus
Focus

Enable Group-based Selective Scanning

Table of Contents

Enable Group-based Selective Scanning

Learn how to enable group-based selective scanning.
The steps to enable group-based selective scanning are the same for both new customers integrating CIE with Data Security and legacy customers integrating Azure Active Directory with Data Security.
Group-based selective scanning is the ability to include or exclude specific AD groups from scans. Sometimes you might want to monitor the assets and accounts of specific groups of users and not others. If your cloud app supports selective scanning, Data Security enables you to select which directory groups to include or exclude from both forward scan and backward scan.
Selective scanning is supported by specific cloud apps. By default, selective scanning is not enabled, and it’s important that you decide if you want to enable selective scanning—before you connect a cloud app to Data Security. Otherwise, you must delete the cloud app instance, then reconnect the cloud app to Data Security to rediscover all assets and events for all users: all assets and events previously stored will be deleted and incidents reported for users no longer included in the selected groups are automatically closed.
Before you enable selective scanning, learn about selective scanning behaviors.

Selective Scanning Behaviors

As you maintain selective scanning and groups in active directory services, consider how Data Security updates your scan results, user activities, and incidents.
Group/User ChangeData Security...
Remove a user from a group in directory services
Removes assets or user activities. Closes any related incidents. Takes up to 7 days.
Remove a group from Selective Scanning
Add a user to a group in directory services.
Records new user activities.
Add a group to Selective Scanning

Enable Selective Scanning During Onboarding

Enable group-based selective scanning when you onboard the cloud app.
  1. Log in to SaaS Security.
  2. Choose one of the following:
  3. Select Enable selective scanning.
  4. You can choose to either Scan or Exclude From Scan your user groups.
  5. Choose your groups from the Available Groups list and move them to the Selected Groups list.
  6. Select Save to continue.
    You can perform steps 4 to 7 any number of times and make any changes as long as you have not started scanning your app. However, if you have started scanning, you cannot change the status of selective scanning for your app.
  7. Start Scanning your app.
    In the following screen shot, the instance Box 26 has started scanning and thus all operations related to selective scanning are disabled.
    It’s easier to enable group-based selective scanning when you onboard the cloud app. If, however, you choose to enable afterward, you must delete the cloud app instance and add it back so Data Security can discover all assets and events for all users.