Imperva Cyber Community

  • 1.  Discovery scan to classify PII data without agent

    Posted 02-22-2022 15:45
    Dear Community,

    I am planning to run the discovery scan on the following databases to classify PII data. I am not checking the data; I am only interested in the metadata of the databases/tables.

    1. Oracle
    2. MS SQL
    3. Netezza

    Questions:
    1. Will there be any performance impact on the databases?
    2. Do I need an agent to be configured on the database host?
    3. Can I connect the MX directly to the database hosts and run the discovery scan?

    Your help would be highly appreciated.

    Kind Regards,


    Ghulam



    #AllImperva

    ------------------------------
    Ghulam Mallah
    Security Database Consultant
    Hook
    ------------------------------


  • 2.  RE: Discovery scan to classify PII data without agent

    Posted 02-23-2022 15:19
    There are two different types of scans - discovery and data classification.
        Neither scan requires an agent to be installed on the database server.
        Both require that the MX can reach the database listener ports.
        Data classification also requires you to configure a database connection with a user that has the correct privileges.

    From your questions it seems you want to do a data classification scan.
    You would configure the scan and the database connection on the MX.
    See the section in the DAM user guide - Creating a DB Data Classification Scan

    There is impact on the database for the scan to read a sample of data. 
    It will vary by the size of the database, but impact is typically minimal as it is reading a small sample of the data.


  • 3.  RE: Discovery scan to classify PII data without agent

    Posted 02-23-2022 17:21
    Thank you Robert. You made my life much simpler.

    ------------------------------
    Ghulam Mallah
    Security Database Consultant
    Hook
    ------------------------------



  • 4.  RE: Discovery scan to classify PII data without agent

    Posted 02-23-2022 17:34
    I want to scan the database and check the database metadata, that is, what field names were created in the tables, like ID, account number, email address, etc. I am not sure that I am going to do the data classification scan.

    ------------------------------
    Ghulam Mallah
    Security Database Consultant
    Hook
    ------------------------------



  • 5.  RE: Discovery scan to classify PII data without agent

    Posted 02-24-2022 13:02
    I'm using a v13.6 MX.

    The only way you can get the column names that you are interested in is by doing a data classification scan.

    In the scan profile you can configure what data types to scan for and select the data type rules.
    Data type rules can scan by content or column name. You can see the rules under each data type, but you are unable to see the regex in the rule.

    Scanning just for column names may present a problem if they have used generic names like column_name1.

    The results of the scan typically would need to be reviewed by the application owner as they have the detailed knowledge about the columns.
    They could determine what may be a false positive.

    The discovery scan only finds servers with the open database ports; it basically does an nmap scan against the database servers.
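
The column-name limitation raised in the last reply, as an added example that is not part of the original thread and is not Imperva's rule logic (the thread notes those regexes are not visible). The rule table, the `GENERIC` pattern and the sample rows are assumptions constructed for illustration; in practice the rows would come from a catalogue view such as Oracle `ALL_TAB_COLUMNS` or SQL Server `INFORMATION_SCHEMA.COLUMNS`.

```python
import re

# Hypothetical name rules: data type -> token sequences that suggest it.
NAME_RULES = {
    "email": [("email",), ("e", "mail"), ("mail", "address")],
    "account_number": [("account", "number"), ("acct", "no"), ("acct", "num")],
    "national_id": [("ssn",), ("national", "id"), ("passport",)],
    "phone": [("phone",), ("mobile",), ("msisdn",)],
}
# Names that carry no meaning; a name-only scan cannot classify these.
GENERIC = re.compile(r"^(col|column|field|attr|data|value)(_?name)?_?\d*$", re.I)

def tokens(name):
    # Split snake_case, camelCase and digits: "AccountNumber" -> ["account", "number"]
    spaced = re.sub(r"([a-z0-9])([A-Z])", r"\1 \2", name)
    return [t.lower() for t in re.findall(r"[A-Za-z]+|\d+", spaced)]

def contains(seq, sub):
    n = len(sub)
    return any(tuple(seq[i:i + n]) == sub for i in range(len(seq) - n + 1))

def classify(name):
    if GENERIC.match(name):
        return "needs_review"  # hand to content sampling / the application owner
    toks = tokens(name)
    hits = sorted(dt for dt, pats in NAME_RULES.items()
                  if any(contains(toks, p) for p in pats))
    return ",".join(hits) if hits else "no_match"

def scan(columns):
    """columns: iterable of (schema, table, column) rows read from the catalogue."""
    return {f"{s}.{t}.{c}": classify(c) for s, t, c in columns}

# Constructed sample metadata rows (not from any real database).
SAMPLE = [
    ("CRM", "CUSTOMERS", "ID"),
    ("CRM", "CUSTOMERS", "EMAIL_ADDRESS"),
    ("CRM", "CUSTOMERS", "AccountNumber"),
    ("CRM", "CUSTOMERS", "column_name1"),
    ("CRM", "CONTACTS", "MOBILE_NO"),
]

if __name__ == "__main__":
    for col, verdict in scan(SAMPLE).items():
        print(f"{col:32} {verdict}")
```

Columns reported as `needs_review` or `no_match` are the ones where a name-only pass says nothing either way, which is why the scan results still go to the application owner.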