Imperva Cyber Community

Discovery scans and classification

  • 1.  Discovery scans and classification

    Posted 9 days ago
    Hello All,

    I have a new setup completed for DAM, and installation of the agent on a couple of SQL servers is also done, and we are already seeing some audit data from our Azure SQL servers from Event Hub. However, there is no database activity yet on servers where the agent is installed. I am wondering if we need to run the scan to do data discovery or something. The user guide doesn't explain very well scenarios like how and when to use data discovery scan and classification.

    Q1) Since there is no port mirroring or network TAP configured for DAM gateways, wondering how this data discovery will work in our environment?
    Q2) Is data discovery required for servers with the agent installed?
    Q3) If the answer to Q2 is yes, then do I need to have a service account for OS and SQL databases created so that I can run the discovery, and what permission level is required for that service account?


    Thanks in advance!
    #DatabaseActivityMonitoring

    ------------------------------
    [Karl] [barg]
    ------------------------------


  • 2.  RE: Discovery scans and classification

    Imperva Employee
    Posted 3 days ago

    Hello,

    Data Discovery is not required to audit and alert on activity. Data Discovery is useful for locating your sensitive data (if you don't know where it is) and then creating specific audit policies around that sensitive data. 

    If you are not seeing traffic from the agent, there are two things to check that are the most common causes.


    Access Main > Setup > Agents and select the agent in question from the list.

    Click the Settings tab and confirm a Default Server Group has been defined along with a Default Service. Remember to click Save (top right).

    Figure 1

    Next, click the Data Interfaces tab and ensure the Discovered Data Interfaces are populated.

    Figure 2